PDFsharp & MigraDoc Foundation http://forum.pdfsharp.com/ |
Question about Detecting javascript embedded in PDF http://forum.pdfsharp.com/viewtopic.php?f=2&t=4674 |
Author: | Hennessey322 [ Thu Sep 12, 2024 3:43 am ] |
Post subject: | Question about Detecting javascript embedded in PDF |
Hi, I have a case where I need to detect whether there is JavaScript embedded in a PDF file in .NET 8. I'm using PDFsharp version 6.2.0 preview 1. Is it possible? Or is there any documentation for checking for embedded JavaScript in a PDF file? |
Author: | Thomas Hoevel [ Thu Sep 12, 2024 8:32 am ] |
Post subject: | Re: Question about Detecting javascript embedded in PDF |
We don't have a sample yet. There are quite a few places where JavaScript actions can be used, so to detect any JavaScript code, a lot of checks must be made. Checks will be much easier if you can narrow down the list of JavaScript actions that matter for you. |
Author: | Hennessey322 [ Thu Sep 12, 2024 9:03 am ] |
Post subject: | Re: Question about Detecting javascript embedded in PDF |
Thomas Hoevel wrote: We don't have a sample yet. There are quite a few places where JavaScript actions can be used, so to detect any JavaScript code, a lot of checks must be made. Checks will be much easier if you can narrow down the list of JavaScript actions that matter for you.

Well, I'm trying to close a vulnerability from stored XSS in a PDF file, which is why I need to detect and reject any PDF file that has JavaScript embedded. Here's one of the stored XSS examples:

Code:
%PDF-1.7
1 0 obj
<</Type /Catalog /Pages 2 0 R /OpenAction 3 0 R>>
endobj
2 0 obj
<</Type /Pages /Kids [4 0 R] /Count 1>>
endobj
3 0 obj
<</Type /Action /S /JavaScript /JS (
var user = app.response({
  cQuestion: 'Enter your username',
  cTitle: 'Login Required',
  bPassword: false,
  cLabel: 'Username:'
});
var pass = app.response({
  cQuestion: 'Enter your password',
  cTitle: 'Login Required',
  bPassword: true,
  cLabel: 'Password:'
});
var userEncoded = encodeURIComponent(user);
var passEncoded = encodeURIComponent(pass);
//var sendData = 'user' + encodeURIComponent(user) + '&pass' + encodeURIComponent(pass);
//this.submitForm({
// cURL: server + '?' + sendData,
//cSubmitAs: 'HTML'
//});
)>
endobj
4 0 obj
<</Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]>>
endobj
trailer
<</Root 1 0 R>>
%%EOF |
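One way to run the checks discussed in this thread with PDFsharp, as an added example that is not code from any poster or from the PDFsharp project. The class and method names are hypothetical. It assumes that rejecting files PDFsharp cannot open is acceptable for an upload gate, and it looks only at action dictionaries and `/JavaScript` name tree entries.

```csharp
// Added example, not PDFsharp's own sample code.
using System;
using System.Collections.Generic;
using System.IO;
using PdfSharp.Pdf;
using PdfSharp.Pdf.IO;

public static class PdfJavaScriptScanner   // hypothetical helper name
{
    // Upload gate: reject when JavaScript is found or the file cannot be parsed.
    public static bool ShouldReject(Stream pdf)
    {
        try { return FindJavaScript(pdf).Count > 0; }
        catch (Exception) { return true; }   // unreadable or encrypted: fail closed
    }

    // Lists every object in which a JavaScript action or name tree entry was seen.
    public static List<string> FindJavaScript(Stream pdf)
    {
        var findings = new List<string>();
        var seen = new HashSet<PdfItem>(ReferenceEqualityComparer.Instance);
        using var doc = PdfReader.Open(pdf, PdfDocumentOpenMode.Import);
        // GetAllObjects() yields the indirect objects; Walk() covers the
        // direct dictionaries and arrays nested inside each of them.
        foreach (PdfObject obj in doc.Internals.GetAllObjects())
            Walk(obj, obj.Reference?.ToString() ?? "?", seen, findings);
        return findings;
    }

    private static void Walk(PdfItem? item, string owner,
                             HashSet<PdfItem> seen, List<string> findings)
    {
        if (item is null || !seen.Add(item)) return;   // guard against cycles
        if (item is PdfDictionary dict)
        {
            // An action is JavaScript when /S is /JavaScript; /JS holds the script.
            bool jsAction = dict.Elements["/S"] is PdfName s && s.Value == "/JavaScript";
            if (jsAction || dict.Elements.ContainsKey("/JS"))
                findings.Add($"object {owner}: JavaScript action");
            if (dict.Elements.ContainsKey("/JavaScript"))   // e.g. entry under catalog /Names
                findings.Add($"object {owner}: /JavaScript name tree");
            foreach (var pair in dict.Elements)
                Walk(pair.Value, owner, seen, findings);
        }
        else if (item is PdfArray array)
        {
            foreach (PdfItem child in array.Elements)
                Walk(child, owner, seen, findings);
        }
    }
}
```

Because the walk visits every dictionary rather than starting from `/OpenAction`, it also reports JavaScript actions attached elsewhere, such as under `/AA` entries or annotation `/A` entries.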
All times are UTC |