Pdfy Htb Writeup Upd ^hot^
PDFY: A Comprehensive Writeup on the Hack The Box (HTB) Machine
→ Unsafe concatenation.
Result: Obtain a service file containing credentials or an internal URL exposing an admin panel. pdfy htb writeup upd
- Discovery: The "Convert URL" functionality is vulnerable to Server-Side Request Forgery (SSRF).
- The Attack: While
wkhtmltopdftypically restricts access to local files (likefile:///etc/passwd), it is often possible to force it to render internal web pages. - Internal Enumeration: By using the SSRF to scan internal ports (e.g.,
http://127.0.0.1:PORT), you typically discover an internal administrative dashboard or API endpoint that is firewalled off from the outside. Let's say this internal service runs on port 5000 or 8080. - Exploitation: You can feed the PDF converter a URL like
http://127.0.0.1:5000/adminor an internal API endpoint.