DOMPDF RCE IV
This exercise covers automating the exploitation of a vulnerability in the DOMPDF library.
In this challenge, we delve into exploiting DOMPDF version 2.0.1, which has the $isRemoteEnabled option set to true. This setting opens up the possibility to exploit the system by leveraging a vulnerability in the URI validation process during SVG parsing, as highlighted in the advisory "Dompdf vulnerable to URI validation failure on SVG parsing."
To achieve code execution, you'll need to automate the steps you followed in the DOMPDF RCE III challenge, but this time with an unknown gadget. The process involves generating phar files, potentially using different gadgets, and brute-forcing to find the right one. Examples of the necessary command-line instructions are provided to assist with the phar file creation. Additionally, be aware of the caching mechanism that necessitates renaming the font file if errors occur.