3

Can someone hack a website that uses this kind of header to open a pdf?

<?php
header("Content-type:application/pdf");

// It will be called downloaded.pdf
header("Content-Disposition:attachment;filename='downloaded.pdf'");

// The PDF source is in original.pdf
readfile("original.pdf");
?>
Paul
  • 159
  • 2
  • 7

1 Answers1

1

There's no security vulnerability directly in your code.

As an aside, I assume you're using parameterized queries via MySQLi or PDO when doing database calls? If not, you're highly likely to be vulnerable to SQL injection in other parts of your site.

Polynomial
  • 132,208
  • 43
  • 298
  • 379
  • 1
    Worth pointing out that while this code doesn't contain any vulnerabilities, there could be exploit code in the PDF depending on where it came from, which could be leveraged to attack the browser and then in turn the site through the user. – tylerl Aug 06 '12 at 06:33
  • @tylerl : thanks, tylerl, what do you mean by that? the pdf is only uploaded by the same person, it is not open to anybody willing to upload a file, so the the pdf at the beginning is safe. Can someone use this downloaded pdf to attack the website? Thanks – Paul Aug 08 '12 at 01:13
  • 1
    @Paul He's saying that if a second user *can* control the PDF somehow, they could infect people. You just have to look out for vulnerabilities that might allow one user to upload a PDF that might overwrite another user's. – Polynomial Aug 08 '12 at 05:44