Breaking mPDF with regex and logic

News
Yanac

TLDR: mPDF is an open source PHP library for generating PDFs from HTML. Right now it has ~70 million installs on packagist. Because of some logic quirks, it is possible to trigger web requests by providing it with a crafted input, even in cases where it is sanitized. And at fault is… regex? submitted by /u/ZoltyLis [link] [comments]Technical Information Security Content & DiscussionRead More