This repository was archived by the owner on Jan 2, 2023. It is now read-only.

SSRF and file read with wkhtmltoimage #3570

@filefox

Description


I found that if wkhtmltoimage converts a URL that returns HTTP status code 302, it may redirect to a local host and capture the image.

For example:

<?php
     header('location:http://127.0.0.1');
?>

Put it on an outer website. wkhtmltoimage will redirect to http://127.0.0.1 and get the image.
It will be an inner site sniffer.

It can also be a file read:

<?php
     header('location:file:///tmp/1.txt');
?>

This URL will redirect to a local file.

I need to set some options to forbid redirects.
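One defensive check an integrator can wrap around a renderer that follows redirects, written here as an added example for this issue and not wkhtmltopdf's own code: every hop, the initial URL and each Location target, is validated for scheme and for the address its host resolves to before it is fetched, so both chains in the report (302 to 127.0.0.1, 302 to file:///tmp/1.txt) are refused. The name `outer.example` and its address are constructed so the demo runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def resolve(host):
    """Every address a host resolves to (thin wrapper around getaddrinfo)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()

def is_safe_target(url, resolver=resolve):
    """Return (ok, reason) for one URL, whether the initial request or a Location
    header the renderer is about to follow. Rejects non-http(s) schemes (so
    file:///tmp/1.txt fails here) and hosts resolving to internal address space."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} is not http/https"
    if not parts.hostname:
        return False, "URL has no host"
    addrs = resolver(parts.hostname)
    if not addrs:
        return False, f"{parts.hostname} does not resolve"
    for a in addrs:
        ip = ipaddress.ip_address(a)
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped  # unwrap ::ffff:127.0.0.1 so the v4 checks apply
        if (ip.is_loopback or ip.is_private or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified):
            return False, f"{parts.hostname} resolves to internal address {ip}"
    return True, "ok"

# Constructed name table so the demo runs offline; literal IPs pass straight through.
# 93.184.216.34 is simply a public (non-special-use) address chosen for the demo.
CONSTRUCTED_DNS = {"outer.example": {"93.184.216.34"}}

def constructed_resolver(host):
    try:
        return {str(ipaddress.ip_address(host))}
    except ValueError:
        return CONSTRUCTED_DNS.get(host, set())

if __name__ == "__main__":  # the hops of the two 302 chains from the report
    for hop in ("http://outer.example/r.php", "http://127.0.0.1", "file:///tmp/1.txt"):
        print(hop, "->", is_safe_target(hop, constructed_resolver))
```

Because the check runs on the resolved addresses rather than the hostname string, a public name that resolves to a loopback or RFC 1918 address is rejected the same way as a literal 127.0.0.1.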
