Discovered by:
Aung Khant, YGN Ethical Hacker Group, Myanmar
http://yehg.net/ ~ believe in full disclosure
Advisory URL:
http://yehg.net/lab/pr0js/view.php/Apache%20Security%20Bypass%20Vul%20DomPDF.pdf
Risk: Highest
Threats: Sensitive Information Leakage
Product Name: DOMPDF
Product Description: PHP5 HTML to PDF converter
Author: Benj Carson <[email protected]>
URL: http://www.digitaljunkies.ca/dompdf
DOMPDF lets attackers to read any files on the server outputted as pdf
files
via crafted urls.
Discovered by:
Aung Khant, YGN Ethical Hacker Group, Myanmar
http://yehg.net/ ~ believe in full disclosure
Advisory URL:
http://yehg.net/lab/pr0js/view.php/Apache%20Security%20Bypass%20Vul%20DomPDF.pdf
Risk: Highest
Threats: Sensitive Information Leakage
Product Name: DOMPDF
Product Description: PHP5 HTML to PDF converter
Author: Benj Carson <[email protected]>
URL: http://www.digitaljunkies.ca/dompdf
DOMPDF lets attackers to read any files on the server outputted as pdf
files
via crafted urls.