Pdfy Htb Writeup Upd -

The core vulnerability is that the server fetches external content without proper validation, leading to .

PDFy (HTB)

Port 5000 is not directly accessible from outside (filtered). However, the main web app on port 80 makes requests to localhost:5000 during PDF processing. pdfy htb writeup upd

The real breakthrough came when I noticed a peculiar PDF upload functionality on the web server. Users could upload PDF files, which were then converted to text. Intrigued, I decided to test this functionality with a malicious PDF.

To execute this attack, our local server needs to be accessible from the internet. ngrok is the perfect tool for this. The core vulnerability is that the server fetches

This method uses a simple HTML page hosted on your own machine to redirect wkhtmltopdf to the target local file.

When you spawn the PDFy challenge instance, you are presented with a simple web interface featuring a single input box. The application expects a user-submitted URL, which it processes to generate a downloadable PDF "screenshot" of that webpage. Examining the Client-Side Code The real breakthrough came when I noticed a

Common location:

Navigating to the website, we find a simple web application that takes a URL and converts the webpage into a PDF document. This is a massive "low-hanging fruit" indicator for SSRF. Whenever an application fetches content from a remote URL you provide, you should immediately test if it can fetch internal resources. 2. Identifying the Vulnerability (SSRF)