FINDING ID: iSEC-WMF1214-15
TARGETS: The upload feature, available at http://devwiki/wiki/Special:Upload .
DESCRIPTION: PDF files can contain references to external content, such as images, audio, and video.
Loading external content from a PDF can be used to de-anonymize users who view the PDF directly
using Adobe Reader or another PDF reader.
EXPLOIT SCENARIO: An attacker wishes to determine who reads a specific wiki article. The attacker
creates a PDF that loads content from an attacker-controlled server, using an existing PDF document
related to the article as a base. A user interested in the topic opens the PDF for more information
while reading the article, and their PDF reader sends a request to the attacker's server, revealing their
IP address and, by extension, their location.
SHORT TERM SOLUTION: Provide a click-through warning informing users that PDF documents are
active content that could potentially de-anonymize them when viewed directly.
LONG TERM SOLUTION: Convert uploaded PDFs to static images to avoid issues with active content.
Ensure the library used for conversion is robust, as it will be parsing potentially malicious content on
the server side, where a compromise could be more serious than that of individual users. Consider setting up a
sandboxed environment.
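
One way to flag uploads that carry the kind of external reference described above, shown as an added example that is not part of the original finding or of the wiki's own code. The list of name tokens is a heuristic chosen for this example, the sample fragments are constructed, and encrypted files or filters other than Flate are not handled.

```python
import re
import zlib

# PDF name tokens for actions and file specs that can reach outside the file.
# Heuristic selection for this example, not an exhaustive list.
EXTERNAL_NAMES = {"URI", "URL", "GoToR", "GoToE", "Launch", "SubmitForm",
                  "ImportData", "JavaScript", "JS"}
NAME_RE = re.compile(rb"/([^\s/<>\[\]\(\)\{\}%]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def decode_name(raw: bytes) -> str:
    """Undo #XX hex escapes so that /#55RI is read as /URI."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def inflate_streams(pdf: bytes):
    """Yield the inflated body of every Flate stream (object streams included)."""
    for m in STREAM_RE.finditer(pdf):
        try:
            # decompressobj ignores the end-of-line bytes before "endstream"
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data; other filters are out of scope here


def external_reference_names(pdf: bytes) -> set:
    """Return flagged names found in the raw bytes or in inflated streams."""
    found = set()
    for chunk in [pdf, *inflate_streams(pdf)]:
        for m in NAME_RE.finditer(chunk):
            name = decode_name(m.group(1))
            if name in EXTERNAL_NAMES:
                found.add(name)
    return found


# Constructed fragments, not real uploads; example.invalid is a placeholder.
PLAIN = b"1 0 obj << /S /#55RI /#55RI (http://example.invalid/x.png) >> endobj"
PACKED = (b"2 0 obj << /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"<< /S /GoToR /F (http://example.invalid/b.pdf) >>")
          + b"\nendstream endobj")
BENIGN = b"3 0 obj << /Type /Page /MediaBox [0 0 612 792] >> endobj"

if __name__ == "__main__":
    for label, data in (("plain", PLAIN), ("packed", PACKED), ("benign", BENIGN)):
        print(label, sorted(external_reference_names(data)))
```

A hit is a signal to apply the click-through warning or the image conversion described above, not a verdict on the uploader's intent.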