Web Application Pentest - HTML-to-PDF-Converter

Below are some vulnerability reports affecting HTML-to-PDF converters or PDF parsers.

  • https://hackerone.com/reports/520717
  • https://medium.com/@armaanpathan/pdfreacter-ssrf-to-root-level-local-file-read-which-led-to-rce-eb460ffb3129
  • https://ysamm.com/?p=280
  • https://www.noob.ninja/2017/11/local-file-read-via-xss-in-dynamically.html
  • https://www.virtuesecurity.com/kb/wkhtmltopdf-file-inclusion-vulnerability-2/
  • https://nsfocusglobal.com/chrome-pdf-file-parsing-0-day-vulnerability-threat-alert/
  • https://labs.detectify.com/2015/03/25/stealing-files-from-web-servers-by-exploiting-a-popular-pdf-generator-2/
  • https://hackerone.com/reports/360727
  • https://polict.net/blog/CVE-2018-17057
  • https://mike-n1.github.io/SSRF_P4toP2
  • https://buer.haus/2017/06/29/escalating-xss-in-phantomjs-image-rendering-to-ssrflocal-file-read/