The PDF “XSS Vulnerability” That Gave Me a False Alarm

Original link: https://www.mokeyjay.com/archives/3242

One of the projects I was in charge of received a vulnerability report from outside, which demonstrated a bug related to authentication. (The bug itself has nothing to do with file uploads; the project originally allowed users to upload files.) The bug was not a difficult problem, and it was fixed quickly. What surprised me instead was the supplementary explanation at the bottom of the report: an XSS file can also be uploaded to further expand the harm, and members can be induced to click it to obtain further information such as cookies? PDF actually supports embedding JS!? And the browser will execute it!? It’s over, it’s over, there is such a thing

The post “The PDF ‘XSS Vulnerability’ That Gave Me a False Alarm” first appeared on mokeyjay – 超能小紫.
