Hunting for SSRF Bugs in PDF Generators 

ID: f675762f-5c0e-532f-891b-bee19585a96f

STIX ID: report--f675762f-5c0e-532f-891b-bee19585a96f

Feed Name: Black Hills Infosec Blog

Threat Score: 65/100

Date Published: 2024-01-11

Date Updated: 2026-04-27

Author: BHIS


This BHIS article explains how attackers can find and exploit SSRF bugs in web PDF generators. It covers identifying injection contexts, testing remote resource access and JavaScript execution, using iframes to probe internal services (including AWS IMDS to exfiltrate IAM credentials), timing strategies to increase success, and checking for vulnerable rendering components such as headless Chrome. It includes numerous proof-of-concept payloads and operational tips.