Skip to main content



Local File Read via XSS in Dynamically Generated PDF

Hello Hunters,
                        This time I am writing about a Vulnerability found in another private program( on Bugcrowd which at first I thought wasn't much harmful(P4) but later escalated it to a P1.

While browsing the Application I came across an endpoint which allowed us to download some kind of Payment Statements as PDF.

The URL looked like this

I saw that the Value of utr number is reflected inside the PDF file that got downloaded so I wrote some HTML in utrnumber parameter as "><S>aaa"><S>aaa &date=2017-08-11&settlement_type=all&advice_id=undefined

Upon opening this PDF I found that the HTML was rendered and could be seen in PDF

I tried if I could use an iframe and load internal domains in the frame or if I cou…

Latest posts

Story of a Parameter Specific XSS!