ResumeWEB (Unsolved)
Challenge Details
This challenge tests SSRF (I personally think it is much more than an SSRF: imagine a scenario where a browser residing in the internal network executes whatever HTML/JS file you feed it).
The target is a resume generator website: users enter their personal details, the backend renders them into an HTML resume template and calls wkhtmltopdf to generate a PDF from that HTML resume.
Older versions of wkhtmltopdf (prior to the latest 12.6; see wkhtmltopdf/wkhtmltopdf#4536) are vulnerable to local file disclosure.
I am also hosting another website locally; its domain resolves via /etc/hosts. That website requires a login, but it uses weak credentials. The player needs to craft an auto-submitting form that logs in to that website to retrieve the flag.
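For contrast, here is the defender-side shape of such a generator, as an added example that is not the challenge's own backend code: user fields are HTML-escaped before they reach the template, and wkhtmltopdf is invoked with `--disable-local-file-access` (the behaviour that closes the file:// disclosure) and `--disable-javascript` (which removes the in-network browser that an auto-submitting form relies on). The flag names are real wkhtmltopdf options; the wrapper functions, template and sample input are assumptions constructed for this example.

```python
import html
import shutil
import subprocess

# Hardening flags for the renderer. --disable-local-file-access blocks file://
# reads; --disable-javascript stops scripts (and auto-submitting forms) from
# running inside the renderer. Both are real wkhtmltopdf options.
SAFE_FLAGS = ["--disable-local-file-access", "--disable-javascript"]

# Hypothetical resume template (assumption, not the challenge's template).
RESUME_TEMPLATE = """<!doctype html>
<html><body>
<h1>{name}</h1>
<p>{email}</p>
<p>{summary}</p>
</body></html>"""


def build_resume_html(name: str, email: str, summary: str) -> str:
    """Escape every user-supplied field so input stays data, never markup."""
    return RESUME_TEMPLATE.format(
        name=html.escape(name),
        email=html.escape(email),
        summary=html.escape(summary),
    )


def wkhtmltopdf_argv(output_path: str) -> list:
    """argv for a hardened run; '-' makes wkhtmltopdf read the HTML from stdin."""
    return ["wkhtmltopdf", *SAFE_FLAGS, "-", output_path]


def render_pdf(name: str, email: str, summary: str, output_path: str) -> bool:
    """Render the resume to a PDF; returns False if wkhtmltopdf is not installed."""
    if shutil.which("wkhtmltopdf") is None:
        return False
    page = build_resume_html(name, email, summary)
    subprocess.run(wkhtmltopdf_argv(output_path), input=page.encode(), check=True)
    return True


if __name__ == "__main__":
    # Constructed hostile input: markup that an unescaped template would render live.
    hostile = '<iframe src="file:///etc/passwd"></iframe>'
    print(build_resume_html("Alice", "alice@example.test", hostile))
```

Even with these flags the renderer still follows http(s) references (images, stylesheets), so egress from the rendering host to internal services must be restricted separately to address the SSRF side of the challenge.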