HTML-to-PDF converters open to 'a plethora of attack scenarios'

guest · Oct 21, 2020

HTML-to-PDF converters open to denial-of-service, SSRF, directory traversal attacks
Infosec intern assailed eight open source libraries in 11 different ways
October 21, 2020
https://portswigger.net/daily-swig/...l-of-service-ssrf-directory-traversal-attacks

Five popular open source libraries used to convert HTML files to PDF documents are vulnerable to server-side request forgery (SSRF), directory traversal, and denial-of-service (DoS) attacks.

Discovered by an intern with just four months’ infosec industry experience, the findings emerged from an ambitious project that tested eight libraries – each written in a different language – against 11 hypotheses.

“Possibly the most interesting question of all” was whether the libraries would allow JavaScript code execution during the file conversion process, said Eduardo Müller, now security analyst at Tempest Security Intelligence after concluding his internship at the firm’s Brazil office, in a blog post.
Not only did all five viable libraries – Node-HTML-PDF, Go-wkHTML, DinkToPDF, wkHTML, and PDFKit – allow JavaScript execution, but all did so by default.
Click to expand...

100% hit rate
The quintet of libraries open to JavaScript execution all fell foul of SSRF attacks, redirecting the hypothetical user to an external domain lurking within the HTML file following the conversion process.

In none of the libraries vulnerable to JavaScript-driven SSRF could Müller detect a mechanism to cap requests, which would mitigate SSRF and DoS attacks.
Attack scenarios
There is a “plethora of attack scenarios” for exploiting these flaws, Müller tells The Daily Swig. “It really depends on the target’s application/infrastructure. [...]
Click to expand...

HTML to PDF converters, can I hack them?

Nowadays there are several frameworks and libraries that greatly speed up software development, facilitating coding, making work faster and creating layers of abstraction. But not everything are flowers.

This article is about a brief evaluation of a set of libraries that allow the conversion of HTML code to PDF. Our goal here was to investigate what kind of vulnerabilities can be inserted in a software through the use of libraries with the above mentioned functionality, and thus answer the question: “can you hack HTML to PDF converters? Let’s see…
Click to expand...

Log in or Sign up

HTML-to-PDF converters open to 'a plethora of attack scenarios'

guest Guest

Log in or Sign up

HTML-to-PDF converters open to 'a plethora of attack scenarios'

guest Guest

Useful Searches