mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
59 lines
1.6 KiB
YAML
59 lines
1.6 KiB
YAML
id: pdfjs-content-spoofing
|
|
|
|
info:
|
|
name: Mozilla PDF.js - Content Spoofing
|
|
author: 0x_Akoko,s4e-io
|
|
severity: medium
|
|
description: |
|
|
Detected PDF.js viewer loads and renders external PDF files without proper origin validation. Versions < v1.3.91 are vulnerable to content spoofing attacks.
|
|
reference:
|
|
- https://groups.google.com/g/mozilla.dev.pdf-js/c/_WdU9T0TRfo
|
|
- https://github.com/mozilla/pdf.js/issues/6920
|
|
classification:
|
|
cwe-id: CWE-451
|
|
metadata:
|
|
verified: true
|
|
max-request: 5
|
|
tags: pdfjs,spoofing,headless
|
|
|
|
headless:
|
|
- steps:
|
|
- args:
|
|
url: "{{BaseURL}}/{{path}}?file=https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/helpers/payloads/mozila-content-spoof.pdf"
|
|
action: navigate
|
|
|
|
- action: waitload
|
|
|
|
payloads:
|
|
path:
|
|
- "pdf.js/web/viewer.html"
|
|
- "pdfjs/web/viewer.html"
|
|
- "web/viewer.html"
|
|
- "pdfjs-dist/web/viewer.html"
|
|
- "uiFramework/js/pdfjs/web/viewer.html"
|
|
|
|
stop-at-first-match: true
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "mozila-content-spoof.pdf"
|
|
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "viewerContainer"
|
|
- "pdfViewer"
|
|
condition: and
|
|
|
|
- type: word
|
|
part: body
|
|
negative: true
|
|
words:
|
|
- "file origin does not match"
|
|
- "blocked"
|
|
- "Not Found"
|
|
condition: or
|
|
# digest: 4a0a0047304502202ddea783b4abe6926b8be434dc4f47d1e827789e5f58c85cc9300b01f70f34ab02210088e36c82f3b5709d75ab0180d99481228d55d25453b1dce9a1f84f154e06a186:922c64590222798bb761d5b6d8e72950 |