From iframes and file reads to full RCE. 🔥
We found an HTML-to-PDF API allowing file reads and SSRF - then chained it into remote code execution via a Chromium 62 WebView exploit.
👉 Read the full write-up here: https://neodyme.io/en/blog/html_renderer_to_rce/
We found an HTML-to-PDF API allowing file reads and SSRF - then chained it into remote code execution via a Chromium 62 WebView exploit.
👉 Read the full write-up here: https://neodyme.io/en/blog/html_renderer_to_rce/
Comments