A walkthrough of exploiting a Markdown-to-PDF conversion vulnerability on TryHackMe's MD2PDF challenge. The attack leverages HTML iframe injection within Markdown input to bypass localhost-only access controls, demonstrating how server-side rendering can expose internal endpoints. The writeup covers reconnaissance with nmap,
Table of contents
Introduction
Initial Reconnaissance
Web Enumeration
Exploitation via Localhost Restriction Bypass
Markdown Meets HTML
Conclusion