3 Videos for DOMPDF RCE II

PRO
Tier
difficulty_medium_icon
Medium
clock icon
2-4 Hrs.
number of users completed icon
70
badge icon
Media Badge
image of exercise DOMPDF RCE II: Introduction
play btn
Access to videos for this exercise is only available with PentesterLab PRO GOPRO
DOMPDF RCE II: Introduction

In this video, we cover the DOMPDF RCE 2 challenge, focusing on exploiting HTML injection to achieve remote code execution without relying on remote asset downloading.

video duration icon04:07 number of views icon67

 

image of exercise DOMPDF RCE II: Exploitation - part 1
play btn
Access to videos for this exercise is only available with PentesterLab PRO GOPRO
Spoiler
DOMPDF RCE II: Exploitation - part 1

In this video, we cover the challenge DOMPDF RCE II, focusing on exploiting a vulnerability in DOMPDF by leveraging CSS and creating a polyglot font/phar file to gain code execution. This is part of the media badge series.

video duration icon04:58 number of views icon197

 

image of exercise DOMPDF RCE II: Exploitation - part 2
play btn
Access to videos for this exercise is only available with PentesterLab PRO GOPRO
Spoiler
DOMPDF RCE II: Exploitation - part 2

In this video, we continue exploiting DOMPDF RCE by leveraging a crafted PHAR file for remote code execution. Through base64 encoding, URL encoding, and manipulating the payload, we ultimately achieve command execution on the server.

video duration icon06:55 number of views icon181