If using wkhtmltopdf in production, ensure it is updated and configured with --disable-local-file-access to prevent this exact type of leak.
This is a known command-line tool that uses the WebKit rendering engine to convert HTML to PDF. Crucially, older versions of this tool are vulnerable to SSRF because they follow redirects and execute JavaScript. pdfy htb writeup upd
Your server responds with a 302 Redirect to file:///etc/passwd . If using wkhtmltopdf in production, ensure it is
As noted in the official HTB discussion , beginners often overcomplicate this by trying to get a shell, but the goal is purely a file leak. Your server responds with a 302 Redirect to
Upon launching the challenge, you are greeted with a simple web interface that prompts for a URL. The application’s stated purpose is to "turn your favorite web pages into portable PDF documents".
Always validate and sanitize user-provided URLs. Blacklisting "localhost" or "file://" is rarely sufficient, as redirects can often bypass these filters.