Pdfy Htb Writeup Upd · Easy & Deluxe

A web application that converts provided URLs into PDF documents. Vulnerability: Insecure URL handling during PDF generation.

sudo /usr/bin/pdftex --shell-escape

Embed this as a PDF form submission action. pdfy htb writeup upd

Common avenues on Windows PDFy-like boxes:

When you input a valid external domain like http://google.com , the server successfully converts the page to a PDF file. However, if you attempt to point the tool toward internal loopback structures like http://127.0.0.1 or http://localhost , the server returns a generic system error or blocks the request. This defense signifies that the backend application has a rudimentary blacklist filter or a validation constraint designed to prevent basic, direct SSRF attacks against internal network resources. 2. Analyzing the Vulnerability & Stack A web application that converts provided URLs into

This script, if accessed via http://our-server.com/axura.php?x=/etc/passwd , will send an HTTP 302 redirect to file:///etc/passwd .

wkhtmltopdf uses the Qt WebKit rendering engine to convert HTML pages into PDF documents. The vulnerability arises from how it handles certain HTML elements when processing a page. Specifically, wkhtmltopdf does not adequately sanitize certain URLs, making it possible to load local file:// resources. This is a classic SSRF attack vector. Common avenues on Windows PDFy-like boxes: When you

: We construct a payload using backticks or a similar syntax designed to force the server to execute a reverse shell.

or

If an application takes an arbitrary URL from a user and sends a backend request to fetch it, the immediate vulnerability type to test for is .

su root

Created by | @modsamplemaster