Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-2383 PoC — dompdf 信息泄露漏洞

Source
https://github.com/Relativ3Pa1n/CVE-2014-2383-LFI-to-RCE-Escalation
Associated Vulnerability
Title:dompdf 信息泄露漏洞 (CVE-2014-2383)
Description:dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.
File Snapshot

 [4.0K]  /data/pocs/6462f6207556e15e767a473c68898bf0fa4cbd6d
├── [ 70K]  Pastedimage20221220074517.png
├── [ 51K]  Pastedimage20221220074830.png
├── [ 24K]  Pastedimage20221221081319.png
├── [ 70K]  Pastedimage20221221083357.png
├── [ 87K]  Pastedimage20221221095422.png
├── [ 63K]  Pastedimage20221221095441.png
├── [ 35K]  Pastedimage20221221095821.png
├── [ 25K]  Pastedimage20221221100439.png
├── [183K]  Pastedimage20221221110358.png
├── [183K]  Pastedimage20221221110618.png
├── [ 22K]  Pastedimage20221221111344.png
├── [ 12K]  Pastedimage20221221111417.png
└── [5.5K]  readme.md

0 directories, 13 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →