DOMPDF RCE III

This exercise covers the exploitation of a vulnerability in the DOMPDF library.

PRO | Tier: Medium | 2-4 Hrs.
Media Badge

Course


This challenge focuses on exploiting a vulnerability in DOMPDF 2.0.1 to achieve remote code execution. Participants will learn to inject a stylesheet link into the application, which references a malicious font file hosted on their server. The font file is crafted to execute PHP code when parsed. By creating an SVG file with a specific `Image` tag pointing to this font, participants can trigger the vulnerability, leading to code execution on the server.

The lab provides detailed steps, including setting up the DOMPDF options, crafting the malicious font using PHP Generic Gadget Chains, and constructing the SVG payload. The video tutorial elaborates on the process, explaining how the application fetches and caches the font file, and how the SVG `Image` tag is used to exploit the vulnerability. Successful exploitation results in a web shell being created on the server, allowing participants to execute arbitrary commands.
