Today is our 4-year anniversary 🎂

Let’s talk about metrics on our projects, community, money and what’s coming next! 🎉

➡️ https://www.courtbouillon.org/blog/00053-four-years-of-courtbouillon/

#weasyprint #printcss #html2pdf

CourtBouillon − Four Years of CourtBouillon

Authentic people growing open source code with taste

Ancient tools like wkhtml2pdf are being deprecated soon. This is a quick, painless substitute. If you use Chromium, alter your path to the browser wherever necessary.

#wkhtml2pdf #html2pdf #pdf #html #chrome #chromium #wkhtmltopdf

KomodoSec's study uncovers critical vulnerabilities in HTML to PDF exports, revealing how Server-Side Request Forgery (SSRF) can be exploited to access sensitive information. The vulnerability allows an attacker to manipulate a server to fetch and convert web pages into PDF documents, potentially exposing internal resources and data. The study provides insights into various bypass techniques and exploitation methods, highlighting the importance of secure coding practices and the need for vigilance in securing web applications against such vulnerabilities.

The exploration begins with identifying a vulnerable endpoint that lacks proper input validation, enabling an attacker to craft malicious requests. The server is then tricked into fetching a web page and converting it into a PDF document, exploiting its functionality to make HTTP requests to internal resources. This process can lead to unauthorized access to sensitive information, including data leakage and unauthorized access to internal files and debug ports.

The study also details the exploitation of AWS metadata and customer information through the SSRF vulnerability. It demonstrates how an attacker can bypass SSRF protections and access AWS keys, enabling them to manipulate files, delete files, and read customer data in the organization's buckets. The exploration underscores the potential impact of such vulnerabilities, emphasizing the importance of secure coding practices and the need for vigilance in securing web applications.

https://www.komodosec.com/post/having-fun-with-ssrf-html-to-pdf-exports-a-cybersecurity-exploration

#cybersecurity #ssrf #html2pdf #vulnerability #aws #metadata #keys #komodosec

Exploiting SSRF via PDF Exports: A Cybersecurity Case Study | Komodo Consulting

PDF Exports: Hidden SSRF Risk. In the realm of cybersecurity, understanding vulnerabilities is paramount to safeguarding sensitive data and maintaining the integrity of systems. One such vulnerability that often lurks in the shadows is SSRF, or Server Side Request Forgery. While SSRF vulnerabilities have been extensively discussed in various contexts, today, we're going to delve into a unique perspective – exploring SSRF vulnerabilities through the lens of HTML to PDF exports. What is an SSRF vulne

Komodo Cyber

Convert HTML to PDF / images

If you want a simple and effective way to turn a web page (HTML) or several pages into a nice, good-quality PDF or even images, it's possible with these 2 tools…