CVE-2022-35583

EPSS 11.3%

wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the attacker to takeover the whole infrastructure by accessing their internal assets.

Productos afectados

n/a · n/a

PoCs públicas encontradas — 2

cve_referencepacketstormsecurity.com/files/171446/wkhtmltopdf-0.12.6-Server-Side-Request-Forgery.htmlno verificado exploitdbwww.exploit-db.com/exploits/51039no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.com/files/171446/wkhtmltopdf-0.12.6-Server-Side-Request-Forgery.html https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/initial-access-via-pdf-file-silently https://drive.google.com/file/d/1LAmf_6CJLk5qDp0an2s_gVQ0TN2wmht5/view?usp=sharing https://wkhtmltopdf.org/