================================= DOMPDF Arbitrary File Read <= 0.5.1 =================================
Discovered by: Aung Khant, YGN Ethical Hacker Group, Myanmar http://yehg.net/ ~ believe in full disclosure Advisory URL: http://yehg.net/lab/pr0js/view.php/Apache%20Security%20Bypass%20Vul%20DomPDF.pdf Risk: Highest Threats: Sensitive Information Leakage Product Name: DOMPDF Product Description: PHP5 HTML to PDF converter Author: Benj Carson <[email protected]> URL: http://www.digitaljunkies.ca/dompdf Vulnerability Overview ==================== DOMPDF lets attackers to read any files on the server outputted as pdf files via crafted urls. Discovered by: Aung Khant, YGN Ethical Hacker Group, Myanmar http://yehg.net/ ~ believe in full disclosure Advisory URL: http://yehg.net/lab/pr0js/view.php/Apache%20Security%20Bypass%20Vul%20DomPDF.pdf Risk: Highest Threats: Sensitive Information Leakage Product Name: DOMPDF Product Description: PHP5 HTML to PDF converter Author: Benj Carson <[email protected]> URL: http://www.digitaljunkies.ca/dompdf Vulnerability Overview ==================== DOMPDF lets attackers to read any files on the server outputted as pdf files via crafted urls.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
