Advanced Attacks | Medium Severity

PDF Injection Scanner

Tests for PDF injection and XSS in generated PDFs.

What is PDF Injection?

PDF Injection occurs when user-controlled content is embedded in dynamically generated PDFs without proper sanitization. Attackers can inject JavaScript (PDF supports scripting), launch URLs automatically, or exploit PDF reader vulnerabilities. Server-side PDF generation may also be vulnerable to SSRF or file disclosure.

Why is This Important?

PDFs are trusted document formats often opened without scrutiny. JavaScript in PDFs can execute in readers that support it, potentially stealing data or exploiting reader vulnerabilities. Server-side generation using HTML-to-PDF converters may expose internal systems to SSRF or file reading attacks.

How It Works

1. Attack Surface Mapping

Identifies complex attack vectors including race conditions, desync points, and logic flaws in your application.

2. Advanced Exploitation

Executes sophisticated attack techniques that bypass traditional security controls and detection mechanisms.

3. Impact Assessment

Demonstrates real-world impact with detailed exploitation chains and business risk analysis.

Key Capabilities

Expert-level security testing for sophisticated vulnerabilities that evade traditional scanning tools.

  • Race condition and timing attack detection
  • Request smuggling and desync analysis
  • Business logic flaw identification
  • Chained exploit development
  • Protocol-level vulnerability testing

Frequently Asked Questions

What can be injected into PDFs?

Injection types: JavaScript for code execution (/OpenAction), URLs for phishing, form submission actions, embedded files, external resource references (SSRF if server-generated), and launch actions that execute local programs (in vulnerable readers).

How does HTML-to-PDF create vulnerabilities?

HTML-to-PDF converters process user content as HTML. Attackers inject <script>, <iframe src='http://internal/'>, <link href='file:///etc/passwd'>, or other HTML that the converter processes server-side, potentially enabling SSRF, file disclosure, or RCE.

Are PDF XSS attacks still relevant?

Yes, though impact varies by reader. Adobe Reader has sandboxing but still processes JavaScript. Browser PDF viewers have different security models. Legacy or enterprise environments may use older readers. Server-side exploitation via HTML-to-PDF remains high-impact.

How do I prevent PDF injection?

Prevention: sanitize all user content before embedding, use PDF libraries that don't allow JavaScript injection, sandbox HTML-to-PDF converters (no network access, no local file access), escape special PDF characters, and validate PDF output before serving.
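
The last two prevention steps above (escaping special PDF characters and validating the output before serving) sketched in Python as an added example; this is not the scanner's own code. The `RISKY_NAMES` list, the function names and the sample fragments are assumptions constructed for illustration.

```python
import re

# Action-related name keys that a document generated from plain user text
# should never contain. This list is an assumption for the example; adjust
# it to what your templates legitimately emit (for instance /URI for links).
RISKY_NAMES = {"JavaScript", "JS", "OpenAction", "AA", "Launch",
               "SubmitForm", "ImportData", "GoToR", "EmbeddedFile", "URI"}

# A PDF name is "/" followed by anything except whitespace or a delimiter.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def escape_pdf_literal(text: str) -> bytes:
    """Escape user text for placement inside a PDF literal string ( ... )."""
    out = bytearray()
    # Simplification: treat the text as Latin-1; unmappable characters become "?".
    for byte in text.encode("latin-1", errors="replace"):
        if byte in b"\\()":
            out += b"\\" + bytes([byte])   # backslash-escape \ ( )
        elif byte < 0x20 or byte > 0x7E:
            out += b"\\%03o" % byte        # three-digit octal escape
        else:
            out.append(byte)
    return bytes(out)


def risky_names(pdf_bytes: bytes) -> set:
    """Return the risky name keys present in the raw bytes of a PDF."""
    found = set()
    for match in _NAME.finditer(pdf_bytes):
        # Names may encode characters as #xx (/J#53 is /JS), so decode first.
        name = _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), match.group(1))
        decoded = name.decode("latin-1")
        if decoded in RISKY_NAMES:
            found.add(decoded)
    return found


# Constructed samples: a catalog with a hex-obfuscated open action, and a clean one.
SAMPLE_BAD = (b"<< /Type /Catalog /Open#41ction "
              b"<< /S /JavaScript /J#53 (placeholder) >> >>")
SAMPLE_OK = b"<< /Type /Catalog /Pages 2 0 R >>"
```

The scan only sees uncompressed bytes, so run it after decompressing object and content streams. It also matches names that appear inside string data, which means it errs toward rejecting a document rather than serving it.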
