malicious-pdf icon indicating copy to clipboard operation
malicious-pdf copied to clipboard

Published 20 hours ago verified publisher icon jonaslejon

Metadata

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Results 5 malicious-pdf issues
Sort by recently updated
recently updated
newest added

Test4.pdf appears to incorrectly exploit CVE-2019-7089

Looking at the reference blog for Test4.pdf at https://insert-script.blogspot.com/2019/01/adobe-reader-pdf-callback-via-xslt.html it seems the href needs to be a UNC path like **\\\\test.com\whatever.xslt**. When running this script with test.com as the parameter...

alecdhuse avatar alecdhuse

[Enhancement]

1 comment

PDF Blind XSS payloads https://portswigger.net/research/portable-data-exfiltration

0xspade avatar 0xspade

PDF Malware

j-arivazhagan avatar j-arivazhagan

`test1.pdf` may not work

`test1.pdf` involves attempting to list `\\HOST\`, which fails because there's no share name mentioned. Mentioning a share name (even if it's non-existent) will correctly call the attacker. PR #15

captain-woof avatar captain-woof

Added share name to test1.pdf

`test1.pdf` was generated to access only `\\HOST\`, which may fail due to missing share name. Instead, if a share name is specified in the path, the listing request succeeds, like...

captain-woof avatar captain-woof

Metadata

2.7k
Stars
363
Forks
Watchers

Owner

verified publisher icon jonaslejon

Metadata

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Back