Certified Defensive Security Analyst by Academy. Get started now!
Interface is a medium difficulty Linux machine that features a `DomPDF` API endpoint that is vulnerable to remote command execution by injecting `CSS` into the processed data. `DomPDF` can be tricked into storing a malicious font with a `PHP` file extension in its font cache, which can then be executed by accessing it from its exposed directories. Privilege escalation involves abusing a quoted expression injection inside a bash script.