SSRF in PDF generation

This exercise covers how you can read arbitrary files when an application generates pdf from a link you provide

< 1 Hr.
Media Badge


A Server Side Request Forgery (SSRF) vulnerability allows an attacker to manipulate a server into making unauthorized requests on their behalf, enabling access to internal resources. This lab focuses on leveraging the Weasyprint library, commonly used for generating PDFs from web pages, to exploit SSRF. By embedding a link tag within an HTML page, you will be able to include internal files as EmbeddedFile elements in the resulting PDF.

The lab is inspired by the DefCon 2019 talk "Owning the clout through SSRF and PDF generators" by Ben Sadeghipour and Cody Brocious. In the exercise, you'll create a malicious webpage that includes a link to a local file, which Weasyprint will then embed into the PDF. After generating the PDF, you will extract and decompress the EmbeddedFile section using zlib to retrieve the file contents. This practical approach provides insight into how SSRF vulnerabilities can be exploited in web applications that utilize PDF generation libraries.

Want to learn more? Get started with PentesterLab Pro! GO PRO