:syringe: Stuff which works in Chrome and maybe Acrobat and Foxit. - osnr/horrifying-pdf-experiments
this is not a hall of shame. the intent is to awaken you to many of the peculiarities and weirdness of computers. hopefully, after reading these articles, you will have learned a lot and will embrace chaos.
❗️Disclosure: I worked at Smallpdf from January to November 2021. In that period, Smallpdf used PDFTron WebViewer SDK (now Apryse PDF WebViewer) to render PDF files in the browser. This information was public. Interview and first XSS in PDFTron WebViewer In October 2020, I started my job interview with Smallpdf for a Cloud Security Engineer position. During the interview process, I began to use Smallpdf as a service to “play” with it, and being a web application that renders PDF files, I tried to exploit PDF files to inject arbitrary Javascript code.