A comprehensive tool for generating PDF-based XSS (Cross-Site Scripting) payloads that target various browsers and PDF rendering engines. These payloads focus on accessing the browser DOM, file system access, and command execution capabilities by escaping sandbox protections.
Author: SNGWN
Last Updated: 2025-07-27 06:04:52 UTC
- Overview
- Features
- Installation
- Usage
- Payload Categories
- Browser Compatibility
- Security Considerations
- Contributing
- References
- Disclaimer
This tool generates over 100 distinct PDF XSS payloads targeting various browsers and PDF rendering engines. Each payload is carefully crafted to exploit specific behaviors or vulnerabilities in different PDF renderers, potentially allowing access to browser DOM, file system operations, or command execution by escaping sandboxes.
- 100+ unique PDF XSS payloads
- Browser-specific targeting (Chrome, Firefox, Safari)
- PDF renderer-specific payloads (PDF.js, Adobe Reader)
- Custom URL integration for data exfiltration
- Organized output by browser/renderer type
- Detailed payload descriptions
- Clone the repository:
git clone https://github.com/SNGWN/pdf-xss-generator.git
cd pdf-xss-generator