Re: [Full-disclosure] [Tool]spiderpig --a pdf javascript fuzzer in python

From: Murtaza Munaim <mmunaim@xxxxxxxxxxx>
Date: Thu, 03 Jun 2010 03:59:05 -0700

On 6/3/2010 3:52 AM, Henri Salo wrote:

On Thu, 3 Jun 2010 16:11:32 +0530
Sachin Shinde<sachinshinde11@xxxxxxxxx> wrote:

I would like 2 share my new tool spiderpig .

its a pdf javascript fuzzer which targets only javascript engine of
reader.

I know javascript is out and swf are in but still javascript exploits
will be threat unless reader disables it by default :)

you can download it from
http://code.google.com/p/spiderpig-pdffuzzer/

and for more information see my blog which is here
http://cons0ul.wordpress.com/

comments are most welcome !!
regards,
cons0ul

Why don't you have the code in SVN-repository?

---
Henri Salo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

svn checkout */http/*://spiderpig-pdffuzzer.googlecode.com/svn/trunk/ spiderpig-pdffuzzer-read-only

-Murtaza Munaim

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] [Tool]spiderpig --a pdf javascript fuzzer in python
  - From: Sachin Shinde
- Re: [Full-disclosure] [Tool]spiderpig --a pdf javascript fuzzer in python
  - From: Henri Salo

Prev by Date: [Full-disclosure] Secunia Research: TomatoCMS Arbitrary File Upload Vulnerability
Next by Date: Re: [Full-disclosure] DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera
Previous by thread: Re: [Full-disclosure] [Tool]spiderpig --a pdf javascript fuzzer in python
Next by thread: [Full-disclosure] Trend Micro Data Loss Prevention 5.2 Data Leakage
Index(es):
- Date
- Thread

Relevant Pages

Re: Heads Up if Youre Using Adobe Acrobat Reader
... Rather than fiddle with the javascript settings, would it not be simpler to add ... > A company called Remote Approach is promising to alert PDF publishers as to ... > However, when we opened the file using Adobe Acrobat Reader 7, Remote ...
(comp.security.firewalls)
Re: Using a Credit Card Reader
... Use javascript to copy from the current field to the cc field since no ... field's value should resemble anything like a credit card number.. ... since you can get the kind of control you need with server-side code. ... >> I think I may have to go with a different reader. ...
(microsoft.public.dotnet.languages.vb)
Re: Got Adobe Reader and Windows? Worry.
... Secunia) made the announcement on Feb 20 that they will release a patch ... to the pervasive use of their Reader product before releasing the patch. ... Although the exploit does not require Javascript, ... different code so a flaw in Adobe Reader won't be in other products (but ...
(microsoft.public.windowsxp.general)
Re: OT: Ghostscript, wont install
... And then in Edit->Preferences in the JavaScript category disable JavaScript ... for security reasons (I don't know any PDF documents with useful embedded ... Reader didn't crash or hang any more on my PC. ...
(sci.electronics.design)
Re: Previous View as a named action?
... Reader, or any other pdf reader, recognize this is one of the named ... Haven’t found a named action for this, but if you can add a JavaScript ... Adobe Reader does) or if JavaScript is disabled (can be disabled ... I have no idea how to add such an action using pdfTeX. ...
(comp.text.pdf)