Created 30 Aug 2025, updated 30 Aug 2025
Orders Receipt Renderer (SSRF)
A receipt rendering endpoint fetches a user-provided URL, enabling server-side request forgery.
Python, 240 pts, 25 min

Overview

The Orders service generates printable receipts by fetching an HTML template from a URL.

Two relevant endpoints:

  • GET /render?url=... (in files/app.py) — fetches a URL directly
  • GET /preview?url=... (in files/blueprints/receipts.py) — calls a fetch helper

An attacker reported being able to access internal services (e.g., http://127.0.0.1:..., metadata endpoints) through these endpoints.

Your task: identify where SSRF occurs and propose mitigations (allow-listing, egress proxy, DNS/IP validation, signed templates).
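The lab's own source is not shown here, so the following is an added example of the fetch-time check the mitigations above describe, not code from the lab. It combines a scheme and host allow-list with DNS/IP validation: the hostname is resolved and every returned address must be globally routable, so a name pointing at loopback, RFC 1918 space or the 169.254.169.254 metadata range is rejected. The allow-listed host `templates.example.com` and the injectable `resolver` parameter are assumptions made for this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allow-list: the only origin the renderer may fetch templates from.
ALLOWED_TEMPLATE_HOSTS = {"templates.example.com"}
ALLOWED_SCHEMES = {"http", "https"}


def resolve_all(hostname):
    """Resolve a hostname to every A/AAAA address it maps to (system resolver)."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_public_ip(ip_str):
    """True only for globally routable unicast addresses. Rejects loopback, RFC 1918,
    link-local (which covers 169.254.169.254), multicast, reserved and unspecified."""
    ip = ipaddress.ip_address(ip_str)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 must be judged as 127.0.0.1
    return ip.is_global and not ip.is_multicast


def validate_template_url(url, resolver=resolve_all):
    """Return (ok, reason). Enforces scheme and host allow-list, then requires that
    every address the host resolves to is public, so a DNS answer cannot steer the
    fetch at an internal service. `resolver` is injectable for offline tests."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"  # blocks host@evil tricks
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host.lower() not in ALLOWED_TEMPLATE_HOSTS:
        return False, f"host not in allow-list: {host!r}"
    try:
        addrs = resolver(host)
    except (socket.gaierror, OSError) as exc:
        return False, f"DNS resolution failed: {exc}"
    bad = [a for a in addrs if not is_public_ip(a)]
    if not addrs or bad:
        return False, f"host resolves to non-public address(es): {bad or addrs}"
    return True, "ok"
```

Validating the resolved address and then letting the HTTP client resolve the name again leaves a DNS rebinding window; connect to the address that passed validation (or route every fetch through an egress proxy that enforces the same policy) so the check and the connection agree.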
