Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Font is not loaded on clean run #2

Open
MrInterBugs opened this issue Jan 25, 2023 · 0 comments
Open

Font is not loaded on clean run #2

MrInterBugs opened this issue Jan 25, 2023 · 0 comments

Comments

@MrInterBugs
Copy link

MrInterBugs commented Jan 25, 2023

When cloning into the application, the file already is in the fonts folder:
application/dompdf/lib/fonts/exploitfont_normal_3f83639933428d70e74a061f39009622.php

If you delete this file so that the server is like it would be on a real world system (not preloaded with the attack) and run the instructions on the readme the file will never be added back making it imposssible to achive the RCE.
Screenshot 2023-01-25 at 12 33 02

As you can se in the above screenshot exploit_font.php is never requested.

Installing the packages in the pull request that is not merged does not make a difference.

(Unsure if this is related)
I am ALSO running the same exploit on a different php system (Symfony + Dompdf V1.2.0) results in:
Uncaught PHP Exception Symfony\Component\Debug\Exception\ContextErrorException: "Warning: Invalid argument supplied for foreach()" at ...vendor/phenx/php-font-lib/src/FontLib/AdobeFontMetrics.php line 57

To fix the above fonts issue using a different payload font worked.

Hoping this is just a config issue on my system.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant