john shadow.hash --wordlist=/usr/share/wordlists/rockyou.txt
Visiting http://10.10.10.116 shows a PDF conversion service. It allows uploading a .pdf file and converting it to a .txt file.
The application lacks proper input validation for the URLs it processes.
By providing a URL that redirects to a local file (e.g., file:///etc/passwd), an attacker can force the server to include the contents of that file in the generated PDF.
/usr/bin/abseil: setuid ELF 64-bit LSB executable, x86-64, dynamically linked, not stripped
Found: /uploads, /index.php