- Qualcomm Launches Snapdragon 4 Gen 2 Mobile Platform
- AMD Launches Ryzen PRO 7000 Series Mobile & Desktop Platform
- Intel Launches Sleek Single-Slot Arc Pro A60 Workstation Graphics Card
- NVIDIA Announces Latest Ada Lovelace Additions: GeForce RTX 4060 Ti & RTX 4060
- Maxon Redshift With AMD Radeon GPU Rendering Support Now Available
Social & RSS Feeds
Latest Videos
Latest News
PDF cross site scripting vulnerability
It seams that PDF documents can execute JavaScript code for no apparent reason by using the following template: http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here. You must understand that the attacker doesn’t need to have write access to the specified PDF document. In order to get an XSS vector working you need to have a PDF file hosted on the target and that’s all about it.
If you run a website or server in general, you will want to look into this deeper. It’s a -huge- issue. There is no immediate fix for this, but it’s a very simple hack that anyone with basic Javascript knowledge can exploit. If you have a slew of PDF’s on your server, you may want to remove them, or keep an eye on things.
Rob Williams
Rob founded Techgage in 2005 to be an 'Advocate of the consumer', focusing on fair reviews and keeping people apprised of news in the tech world. Catering to both enthusiasts and businesses alike; from desktop gaming to professional workstations, and all the supporting software.
