Explore a conference talk from BSides Las Vegas 2012 that delves into the intricacies of reflected PDF attacks using SQL injection. Learn from security experts Shawn Asmus and Kristov Widak as they present "Mirror Mirror," a 51-minute session that uncovers vulnerabilities in PDF generation processes. Gain insights into how attackers can exploit SQL injection flaws to manipulate PDF content, potentially leading to data exfiltration or malicious code execution. Understand the techniques used in these attacks and discover strategies to mitigate risks associated with dynamically generated PDFs in web applications.
Overview
Syllabus
2.1.5 Shawn Asmus, Kristov Widak Mirror Mirror -- Reflected PDF Attacks using SQL Injection
