Token Hijacking via PDF File

by Dawid Czagan

PDF files are everywhere and they can be used to hack your web application. Imagine that the attacker prepares a malicious PDF file which steals sensitive data from a user. The PDF file is uploaded to the web application, the user reads this PDF file, and finally sensitive data is exfiltrated from the user’s browser. It’s scary, isn’t it?

In a free video, Dawid Czagan (Nullcon instructor) will show you step by step how this attack works and how you can check whether your web application is vulnerable to it.

Watch this free video and get a taste of Dawid Czagan’s training, Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation (Nullcon 2023, 11-12 March; detailed description is here).


Author

Dawid Czagan

Dawid Czagan (@dawidczagan) is an internationally recognized security researcher and trainer. He is listed among the top hackers at HackerOne. Dawid Czagan has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of many bugs, he received numerous awards for his findings.