ResumeWEB 未解决

分数: 0 金币: 0
题目作者: 未知
一  血: admin889
一血奖励: 0金币
解  决: 1
提  示:
描  述:

Challenge Details

This challenge is testing on SSRF(I personally think it is much more than a SSRF, just imagine a scenario where a browser reside in the internal network is executing arbitrary HTML/JS file you feed it).

A resume generator website, user can enter their personal details, backend will generate a HTML resume template and call wkhtmltopdf to generate the PDF file from that HTML resume.

In the older version of wkhtmltopdf(prior of the latest 12.6, refer to wkhtmltopdf/wkhtmltopdf#4536 ), it is vulnerable to local file disclosure.

I am hosting another website locally, its domain will be resolved via /etc/hosts. This website requires login, but weak credentials are being used. Player needs to craft an auto-submitting form to login to the website to get the flag.

WriteUp

暂无相关WriteUp

评分(0)

暂无评分

解题动态

admin889 获得了一血 1年前
问题反馈