Cool SaaS #pentest stuff today. Webapp uses a htm2pdf engine, which (unfortunately for them) leads to #lfi and even #ssrf. Had fun trying to figure this all out.
@ronaldl038 did you get it to work?
@Savvy95 yes, I did. Wasn't all that hard actually.
@Savvy95 they used pd4ml, which actually has a tag to include a file. And if you don't check user input, it's an LFI.
@ronaldl038 that is cool. The converter I see the most is pdfjs. I've been trying to get SSRF or XSS or something, but it's tough. So I like to hear how others do it.