Hello everyone. Today we're going to look at CVE-2024-4367, a serious vulnerability in PDF.js that allows attackers to run arbitrary JavaScript code. Let's take a closer look at the vulnerability, understand how to identify it, and consider steps you can take to effectively mitigate it.
CVE-2024-4367 is a critical security vulnerability in PDF.js, a popular JavaScript-based PDF viewer managed by Mozilla. This vulnerability allows attackers to execute unauthorized JavaScript code by embedding malicious scripts into PDF files. The issue arises from missing type checks when handling font data, making it possible to exploit and inject scripts.
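The missing type check can be approximated on the defender's side at upload time. The following Node.js scan is an added example, not code from PDF.js or from this article: it reports any /FontMatrix array in a PDF that is not six plain numbers. The function names and sample fragments are constructed for illustration, and it assumes the font dictionary is not hidden inside a compressed stream.

```javascript
// Added example, not PDF.js code. Reports /FontMatrix entries that are not
// six plain numbers. Assumption: the font dictionary is visible in the raw
// bytes; objects inside compressed streams must be inflated before scanning.
const NUMBER = /^[+-]?(\d+\.?\d*|\.\d+)$/;

// Collect array tokens from just after "[" up to the top-level "]".
// Literal strings "(...)" stay whole, honouring nesting and "\" escapes,
// so a "]" or ")" hidden inside a string does not end the array early.
function readArrayTokens(text, pos) {
  const tokens = [];
  while (pos < text.length && text[pos] !== ']') {
    if (/\s/.test(text[pos])) { pos++; continue; }
    const start = pos;
    if (text[pos] === '(') {
      let depth = 0;
      do {
        if (text[pos] === '\\') pos++;        // skip the escaped character
        else if (text[pos] === '(') depth++;
        else if (text[pos] === ')') depth--;
        pos++;
      } while (depth > 0 && pos < text.length);
    } else {
      pos++;
      while (pos < text.length && !/[\s()\[\]]/.test(text[pos])) pos++;
    }
    tokens.push(text.slice(start, pos));
  }
  return tokens;
}

// Accepts a string or a Buffer/Uint8Array holding the uploaded file.
function findBadFontMatrices(pdf) {
  const text = typeof pdf === 'string' ? pdf : Buffer.from(pdf).toString('latin1');
  const key = /\/FontMatrix\s*\[/g;
  const findings = [];
  let m;
  while ((m = key.exec(text)) !== null) {
    const tokens = readArrayTokens(text, key.lastIndex);
    const nonNumeric = tokens.filter((t) => !NUMBER.test(t));
    if (tokens.length !== 6 || nonNumeric.length > 0) {
      findings.push({ offset: m.index, tokens, nonNumeric });
    }
  }
  return findings;
}

// Constructed samples: an ordinary matrix, and one whose last element is a string.
const CLEAN = '<< /Type /Font /FontMatrix [0.001 0 0 0.001 0 0] >>';
const ODD = '<< /Type /Font /FontMatrix [1 0 0 1 0 (x\\) ] y)] >>';
console.log(findBadFontMatrices(CLEAN), findBadFontMatrices(ODD));
```

A finding is a reason to reject or quarantine the upload; an empty result does not prove the file is safe, because compressed objects are not inspected.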
1. Go to any website file upload field where PDF upload is supported.
2. Check the Wappalyzer extension on the file upload endpoint: if the PDF.js version is below 4.2.67, or no version is shown, it is more likely vulnerable.
3. Embed JavaScript payloads by manipulating the FontMatrix array within the PDF. Example:
    /FontMatrix [1 0 0 1 0 (0\); alert('Exploited CVE-2024-4367')//)]

You can also download the PDF with domains and cookie popup from my GitHub repo in the pdFExploit Repository: