douleijiang8111 2016-09-21 11:28

Finding malicious PDF files using PHP validation?

Currently for file validations the following actions are implemented,

  • File type validations using MIME details like application/pdf
  • Validating the file extensions along with MIME details.

But some PDF files contain malicious scripts like JavaScript to damage the system.

More details about the PDF attacks:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2992

Question: Are there any recommended solutions for this case?


  • duandou8457 2016-09-24 01:06

    Take a look into this project https://github.com/urule99/jsunpack-n - A Generic JavaScript Unpacker

    jsunpack-n emulates browser functionality when visiting a URL. Its purpose is to detect exploits that target browser and browser plug-in vulnerabilities. It accepts many different types of input: ( also PDFs* )

    By looking into this file https://raw.githubusercontent.com/urule99/jsunpack-n/master/pre.js it looks like it directly addresses your problem.

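    // Excerpt from pre.js: stub that reports calls to util.printf
    var util = {
        printf : function(a,b){print ("//alert CVE-2008-2992 util.printf length ("+ a.length + "," + b.length + ")\n"); },
        // ... (rest of the object omitted in this excerpt)
    };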
    

    On upload I would feed pdf into this tool and check the results.

    Below are some interesting resources related to that vulnerability which explain everything in-depth.

    http://resources.infosecinstitute.com/hacking-pdf-part-1/

    http://resources.infosecinstitute.com/hacking-pdf-part-2/

    In part 2 of the article there is a fragment saying that you can use SpiderMonkey to execute pre.js (the file I mentioned earlier) to get info about the CVE

    js -f pre.js -f util_printf.pdf.out

    //alert CVE-2008-2992 util.printf length (13,undefined)

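An upload-side check in PHP, as an added example that is not part of the answer above and is not jsunpack-n code: it scans the uploaded bytes for PDF name tokens that introduce scripts or automatic actions (decoding `#xx` name escapes first) and parses `//alert CVE-...` lines in the format shown in the answer. The function names, the token list and both sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// PDF names may hide characters as #xx hex escapes (/J#61vaScript); decode before matching.
function decodePdfNames(string $bytes): string
{
    return preg_replace_callback(
        '/#([0-9A-Fa-f]{2})/',
        static fn(array $m): string => chr(hexdec($m[1])),
        $bytes
    ) ?? $bytes;
}

// Count name tokens that introduce scripts or automatic actions.
// The token list is an assumption for this example, not an exhaustive set.
function scanPdfTokens(string $bytes): array
{
    $decoded = decodePdfNames($bytes);
    $hits = [];
    foreach (['/JavaScript', '/JS', '/OpenAction', '/AA', '/Launch'] as $token) {
        // The lookahead stops /JS from matching a longer name such as /JSomething.
        $n = preg_match_all('~' . preg_quote($token, '~') . '(?![A-Za-z0-9])~', $decoded);
        if ($n > 0) {
            $hits[$token] = $n;
        }
    }
    return $hits;
}

// Extract CVE ids from "//alert CVE-YYYY-NNNN ..." lines in emulator output.
function parseAlerts(string $output): array
{
    preg_match_all('~^//alert\s+(CVE-\d{4}-\d{4,})\b~m', $output, $m);
    return array_values(array_unique($m[1]));
}

// Constructed sample inputs (not real files or real tool runs).
$samplePdf = "%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
           . "2 0 obj << /S /J#61vaScript /JS (util.printf\\(...\\)) >> endobj\n";
$sampleOut = "//alert CVE-2008-2992 util.printf length (13,undefined)\n";

$tokens = scanPdfTokens($samplePdf);
$cves   = parseAlerts($sampleOut);
$reject = $tokens !== [] || $cves !== [];   // quarantine the upload on any hit

print_r(['tokens' => $tokens, 'cves' => $cves, 'reject' => $reject]);
```

The byte scan does not see tokens stored inside compressed object streams, so a clean scan is not proof of a clean file; the emulation step described in the answer covers scripts the scan cannot reach.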
