PDF files are everywhere and they can be used to hack your web application. Imagine that the attacker prepares a malicious PDF file which steals sensitive data from a user. The PDF file is uploaded to the web application, the user reads this PDF file, and finally sensitive data is exfiltrated from the user’s browser. It’s scary, isn’t it?
![token-hijacking-with-pdf](https://ccsecuritytraining.com/wp-content/uploads/freshizer/3cb93fdd8971fc711caf90dc22eb2482_token-hijacking-with-pdf-409-c-80.jpg)