[mhasbini]

I tried it with a bit complex pdf structure and it worked like charm +1. Would love to learn more about the underlying techniques/tech.

[hombre_fatal]

https://github.com/shashanoid/Simpdf/blob/1557bf838a8debeee1...

Btw, arbitrary code execution vuln here, OP.

[parhamn]

Yeah. Switch array & args disable the shell. I hope they’re not running that locally as the download script suggests. But then you still have a bunch of other security issues. Shrug.

[miccah]

I'm investigating the same. The upload endpoint uses secure_filename to get the filename used in that func. I'm not familiar with it, but the docs say it could return an empty string.

[dellinspiron]

It just calls https://github.com/pdf2htmlEX/pdf2htmlEX on the server.

[chipperyman573]

You could create a file named ; echo 'hi'; #

and it appears as if it would probably run anything you put between ; and # (in this case it will echo hi). Unless the filename is sanitized, which it appears to not be.

[echan00]

What calls what?

[shashanoid]

Hey, there's nothing complex going on. I'm using a tool to convert pdf to html, and it does a phenomenal job.