DOMPDF RCE III

This exercise covers the exploitation of a vulnerability in the DOMPDF library.

PRO Medium 2-4 Hrs. 58 Media Badge
Course

In this challenge, participants will explore how to exploit DOMPDF 2.0.1 to achieve remote code execution (RCE) by leveraging a vulnerability in its SVG parsing. This practical lab involves crafting a malicious font file and exploiting an HTML injection to gain code execution on the server.

Skills covered
Injection, Operating System, Network
Included with PRO
Full course content 2 videos
