3 Videos for DOMPDF RCE II
This video requires PentesterLab PRO
DOMPDF RCE II: Introduction
In this video, we cover the DOMPDF RCE II challenge, focusing on exploiting HTML injection to achieve remote code execution without relying on remote asset downloading.
DOMPDF RCE II: Exploitation - part 1
In this video, we cover the challenge DOMPDF RCE II, focusing on exploiting a vulnerability in DOMPDF by leveraging CSS and creating a polyglot font/phar file to gain code execution. This is part of the media badge series.
DOMPDF RCE II: Exploitation - part 2
In this video, we continue exploiting DOMPDF RCE by leveraging a crafted PHAR file for remote code execution. Through base64 encoding, URL encoding, and manipulating the payload, we ultimately achieve command execution on the server.