"Hola, amigos. How’s it hangin’? I know it’s been a long time since I last rapped at ya, but I've been busier than a feather plucker on nickel wing night, ya know? You old buddy Jimbo found some discarded books out back next to the dumpster at the inconvenience store about something called 'Cold Fusion' and I've been reading through those bad boys. Shoulda called it CON-Fusion if ya ask me. But I've been having trouble reading the printed word and gettin' these awful headaches ever since I popped in side two of 'Hemispheres' and lit up some sweet Thai Stick I found underneath the passenger side seat of my crapbox Festiva -- that turned out to be the taquito I dropped last July after the Dane County Fair. It just goes to show ya, yours truly can't catch a break in this world."
[ It was at this point that we decided it wouldn't be a good idea to let Mr. Anchower write the entire blog post. We weren't wrong. -Ed. ]
Ahem. Quick post for today on an SSRF payload that can potentially be used for local file retrieval. I'll be framing it in the context of CVE-2024-34112, but it could be a viable attack against any application that is doing server-side PDF generation with user-controlled data.