all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

From XSS to RCE (dompdf 0day)

Add to bookmarks
March 16, 2022, 11 a.m. |

Positive Security | IT Security research and happy coincidences positive.security

Using a still unpatched vulnerability in the PHP library dompdf (used for rendering PDFs from HTML), we achieved RCE on a web server with merely a reflected XSS vulnerability as entry point.

0day dompdf rce xss

Visit resource

More from positive.security / Positive Security | IT Security research and happy coincidences

Hacking Auto-GPT and escaping its docker container 9 months, 3 weeks ago | positive.security
auto auto-gpt code container +13
Ransacking your password reset tokens 1 year, 2 months ago | positive.security
application applications brute brute-force +16
urlscan.io's SOAR spot: Chatty security tools leaking private data 1 year, 5 months ago | positive.security
data private data security security tools +2
From XSS to RCE (dompdf 0day) 2 years, 1 month ago | positive.security
0day dompdf rce xss
Find You: Building a stealth AirTag clone 2 years, 2 months ago | positive.security
airtag
Recovering redacted information from pixelated videos 2 years, 2 months ago | positive.security
information videos

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Penetration Tester

@ Resillion | Bengaluru, India
View on infosec-jobs.com

Senior Backend Software Engineer (Java) - Privacy Engineering (Open to remote across ANZ)

@ Canva | Sydney, Australia
View on infosec-jobs.com

(Senior) Information Security Professional (w/m/d)

@ IONOS | Deutschland - Remote
View on infosec-jobs.com

Information Security (Incident Response) Intern

@ Eurofins | Katowice, Poland
View on infosec-jobs.com

Game Penetration Tester

@ Magic Media | Belgrade, Vojvodina, Serbia - Remote
View on infosec-jobs.com
View more jobs