Web Application Pentest - HTML-to-PDF-Converter

less than 1 minute read

Below are some of the vulnerability reports in the HTML to PDF converters or PDF parsers.

https://hackerone.com/reports/520717
https://medium.com/@armaanpathan/pdfreacter-ssrf-to-root-level-local-file-read-which-led-to-rce-eb460ffb3129
https://ysamm.com/?p=280
https://www.noob.ninja/2017/11/local-file-read-via-xss-in-dynamically.html
https://www.virtuesecurity.com/kb/wkhtmltopdf-file-inclusion-vulnerability-2/
https://nsfocusglobal.com/chrome-pdf-file-parsing-0-day-vulnerability-threat-alert/
https://labs.detectify.com/2015/03/25/stealing-files-from-web-servers-by-exploiting-a-popular-pdf-generator-2/
https://hackerone.com/reports/360727
https://polict.net/blog/CVE-2018-17057
https://mike-n1.github.io/SSRF_P4toP2
https://buer.haus/2017/06/29/escalating-xss-in-phantomjs-image-rendering-to-ssrflocal-file-read/

Destroying Cloud Infrastructure with Nuking Tools