Referenced link: https://0day.today/exploit/description/38287
Originally posted by 0day Exploit Database 🌴 / @inj3ct0r@twitter.com: https://twitter.com/inj3ct0r/status/1638994871825453079#m
#0day #wkhtmltopdf 0.12.6 - Server Side Request Forgery #Vulnerability #SSRF https://0day.today/exploit/description/38287
@publicvoit @neil For email→PDF, I wrote a LaTeX environment that takes header fields and the body and produces something nice looking as long as the email is not HTML-based. If it’s an HTML email, #wkhtmltopdf can be useful.
What can make #puppeteer (chromium?) create very big PDFs? Under some (yet unknown) conditions it creates PDFs 4-5 times as big as they were with #wkhtmltopdf
How can I change the font in #wkhtmltopdf?
It doesn't accept the font from the CSS
I feel like I'm being made a fool of.
This version of #wkhtmltopdf has been compiled against a version of QT without the wkhtmltopdf patches. Therefore some features are missing, if you need these features please use the static version.
The weird thing is: the load isn't simply rejected, the entire conversion job fails! Patching up network manager in #wkhtmltopdf wouldn't normally produce this result, nor would running #wkhtmltopdf behind a blacklisting proxy. #ssrf #bugbounty #infosec
#wkhtmltopdf itself only allows blacklisting local files, not IP addresses. I also couldn't find any projects that would add such capabilities to it. Yet the blacklist is quite sophisticated and cannot be tricked by hiding the IP behind DNS or HTTP redirects. #ssrf #bugbounty #infosec
I found a web service passing HTML code to #wkhtmltopdf running on AWS. It will happily load stuff from anywhere, but linking to localhost or 169.254.169.254 makes it produce 500 Internal Server Error. Any idea how that blacklist is implemented? #ssrf #bugbounty #infosec