Welcome CTF-2021 WEB
题目作者: 未知
一 血: admin889
一血奖励: 0金币
解 决: 1
提 示:
描 述:
This challenge is testing on SSRF(I personally think it is much more than a SSRF, just imagine a scenario where a browser reside in the internal network is executing arbitrary HTML/JS file you feed it).
A resume generator website, user can enter their personal details, backend will generate a HTML resume template and call wkhtmltopdf to generate the PDF file from that HTML resume.
In the older version of wkhtmltopdf(prior of the latest 12.6, refer to wkhtmltopdf/wkhtmltopdf#4536 ), it is vulnerable to local file disclosure.
I am hosting another website locally, its domain will be resolved via /etc/hosts. This website requires login, but weak credentials are being used. Player needs to craft an auto-submitting form to login to the website to get the flag.