all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Exploiting SSRF in PDF HTML Injection: Basic and Blind

Add to bookmarks
Jan. 23, 2024, 4:40 p.m. | Joward

InfoSec Write-ups - Medium infosecwriteups.com

Via Imperva

On a recent application assessment, I encountered an endpoint that would take HTML from user input and generate a PDF from it. I knew that it was possible to perform SSRF by inserting an iframe, but I wanted to know how this would be abused in more complex scenarios. How about resources on different servers? How does CORS effect exploitation? What if I didn’t have access to the request response? I started exploring these in a bit more …

bug bounty hacking pentesting ssrf web app security

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

Private Interact.sh server setup with a web dashboard 1 day, 13 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking tools +1
Understanding 403 Bypass: A Critical Vulnerability in Web Application Security 2 days, 13 hours ago | infosecwriteups.com
403 bypass access application applications +28
Hack Stories: Hacking Hackers EP:3 3 days, 13 hours ago | infosecwriteups.com
big bug bounty cybersecurity hack +9
Mastering Shodan Search Engine 4 days, 14 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity information security +1
Email Verification Bypass via Remember Me 4 days, 14 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking pentesting +1
Exploiting Symlinks: A Deep Dive into CVE-2024–28185 and CVE-2024–28189 of Judge0 Sandboxes 4 days, 14 hours ago | infosecwriteups.com
attacks code code execution continue +15
Typo Trouble: Exploring the Telegram Python RCE Vulnerability 4 days, 14 hours ago | infosecwriteups.com
address alerts application concept +25
Active DNS Recon using AXIOM 4 days, 14 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity infosec +1
Information Disclosure: Story of 500€ + 400$ Bounty 4 days, 14 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking information technology +1

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior Security Researcher, SIEM

@ Huntress | Remote Canada
View on infosec-jobs.com

Senior Application Security Engineer

@ Revinate | San Francisco Bay Area
View on infosec-jobs.com

Cyber Security Manager

@ American Express Global Business Travel | United States - New York - Virtual Location
View on infosec-jobs.com

Incident Responder Intern

@ Bentley Systems | Remote, PA, US
View on infosec-jobs.com

SC2024-003533 Senior Online Vulnerability Assessment Analyst (CTS) - THU 9 May

@ EMW, Inc. | Mons, Wallonia, Belgium
View on infosec-jobs.com
View more jobs