DOMPDF RCE III
This exercise covers the exploitation of a vulnerability in the DOMPDF library.
This challenge focuses on exploiting a vulnerability in DOMPDF 2.0.1 to achieve remote code execution. Participants will learn to inject a stylesheet link into the application, which references a malicious font file hosted on their server. The font file is crafted to execute PHP code when parsed. By creating an SVG file with a specific Image tag pointing to this font, participants can trigger the vulnerability, leading to code execution on the server.
The lab provides detailed steps, including setting up the DOMPDF options, crafting the malicious font using PHP Generic Gadget Chains, and constructing the SVG payload. The video tutorial elaborates on the process, explaining how the application fetches and caches the font file, and how the SVG Image tag is used to exploit the vulnerability. Successful exploitation results in a web shell being created on the server, allowing participants to execute arbitrary commands.