Software Handy Base64 To Pdf Conversion Web App - Exfiltration Tip
unredacted
This is a fast and easy base64 to pdf conversion web app. I recently had a target that I was looting over a few days and the devs were alerted and began fixing the insecurity in their API. This is something that happens with larger fintech companies for me usually. It's a good idea to poke around beforehand so you have another route in case you can't bypass their patch. I bypassed their first patch, but could not get around the second, so I attacked a different endpoint and this was the first time I had seen this kind of data returned. I checked it out and realized the requests were returning the entire pdf file in base64.
Everything between "fileContent":" and " is my pdf file.
so all we want is this
Now we convert that base64 back to its original pdf file format here
and get
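For the owner of such an API, responses that carry a whole PDF as base64 in a "fileContent" field can be recognised in response logs, and a session pulling many distinct documents stands out. The following is an added example, not part of the original post: the record layout (session id, document id, response body), the threshold and all sample data are assumptions constructed for illustration.

```python
import base64
import binascii
import json
from collections import defaultdict

PDF_MAGIC = b"%PDF-"  # every PDF file starts with this header


def embedded_pdf_size(body, field="fileContent"):
    """Decoded size in bytes if `field` of a JSON body holds a base64 PDF, else None."""
    try:
        value = json.loads(body).get(field)
        raw = base64.b64decode(value, validate=True)
    except (AttributeError, TypeError, ValueError, binascii.Error):
        return None  # not JSON, not an object, field missing, or not base64
    return len(raw) if raw.startswith(PDF_MAGIC) else None


def flag_bulk_retrieval(records, max_docs=3):
    """Return {session: distinct PDF count} for sessions above max_docs.

    records: iterable of (session_id, document_id, response_body) tuples,
    a hypothetical layout for response logs captured at an API gateway.
    """
    docs = defaultdict(set)
    for session_id, document_id, body in records:
        if embedded_pdf_size(body) is not None:
            docs[session_id].add(document_id)
    return {s: len(d) for s, d in docs.items() if len(d) > max_docs}


# Constructed sample data (not from the original post).
SAMPLE_PDF = b"%PDF-1.4\n% constructed sample\n%%EOF\n"
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n constructed"


def make_body(blob):
    return json.dumps({"fileContent": base64.b64encode(blob).decode()})


SAMPLE = (
    [("sess-A", doc_id, make_body(SAMPLE_PDF)) for doc_id in range(101, 106)]
    + [("sess-A", 101, make_body(SAMPLE_PDF))]    # repeat fetch, same document
    + [("sess-B", 7, make_body(SAMPLE_PDF))]      # single download
    + [("sess-B", 8, make_body(SAMPLE_PNG))]      # base64, but not a PDF
    + [("sess-C", 9, '{"error": "forbidden"}')]   # no fileContent field
)

if __name__ == "__main__":
    print(flag_bulk_retrieval(SAMPLE))
```

Counting distinct document ids per session, rather than raw requests, keeps a user who re-downloads one statement from tripping the threshold.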