DOMPDF RCE IV

This exercise covers automating the exploitation of a vulnerability in the DOMPDF library.

PRO
Tier
Hard
> 4 Hrs.
13
Media Badge


This challenge targets an application running DOMPDF version 2.0.1 with the `$isRemoteEnabled` option set to `true`. With that setting enabled, the application can be exploited through a flaw in URI validation during SVG parsing, as described in the advisory "Dompdf vulnerable to URI validation failure on SVG parsing."

To achieve code execution, you'll need to automate the steps you followed in the DOMPDF RCE III challenge, but this time the gadget is unknown. The process involves generating phar files, potentially using different gadgets, and brute-forcing to find the right one. Example command lines for creating the phar files are provided. Also be aware of the caching mechanism: if errors occur, you will need to rename the font file.
