Pantsir

Orders Receipt Renderer (SSRF)

A receipt rendering endpoint fetches a user-provided URL, enabling server-side request forgery.

Difficulty: medium · 240 pts · free · Language: python

Overview

The Orders service generates printable receipts by fetching an HTML template from a URL.

Two relevant endpoints:

  • GET /render?url=... (in files/app.py) — fetches a URL directly
  • GET /preview?url=... (in files/blueprints/receipts.py) — calls a fetch helper

An attacker reported being able to access internal services (e.g., http://127.0.0.1:..., metadata endpoints) through these endpoints.

Your task: identify where SSRF occurs and propose mitigations (allow-listing, egress proxy, DNS/IP validation, signed templates).

Relevant files:

  • files/app.py
  • files/blueprints/receipts.py
  • files/utils/http.py
  • files/config.py (example allow-list)
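As an added illustration of the mitigations the task asks for (allow-listing plus DNS/IP validation), and not code from the lab's files, here is a fetch guard the /render and /preview handlers could call before the fetch helper touches the network. The allow-listed host templates.example.internal and the constructed_resolver stand-in for socket.getaddrinfo are assumptions so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Hypothetical allow-list; the page says the real one lives in files/config.py.
ALLOWED_TEMPLATE_HOSTS = {"templates.example.internal"}
ALLOWED_SCHEMES = {"http", "https"}

def is_public_ip(ip_str: str) -> bool:
    """False for loopback, RFC 1918, link-local (incl. 169.254.169.254), etc."""
    ip = ipaddress.ip_address(ip_str)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def validate_template_url(url: str, resolver=socket.getaddrinfo) -> str:
    """Return the IP to connect to (pin it; re-resolving reopens a DNS-rebinding
    window) or raise ValueError with the reason."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_TEMPLATE_HOSTS:  # literal IPs such as 127.0.0.1 fail here
        raise ValueError(f"host not on allow-list: {host!r}")
    if parts.port not in (None, 80, 443):
        raise ValueError(f"port not allowed: {parts.port}")
    try:
        infos = resolver(host, parts.port or 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        raise ValueError(f"cannot resolve {host!r}") from exc
    addrs = sorted({info[4][0] for info in infos})
    bad = [a for a in addrs if not is_public_ip(a)]
    if bad:  # every A/AAAA record must be public, not just the first one
        raise ValueError(f"host resolves to non-public address(es): {bad}")
    return addrs[0]

def is_safe_template_url(url: str, resolver=socket.getaddrinfo) -> bool:
    try:
        validate_template_url(url, resolver=resolver)
        return True
    except ValueError:
        return False

def constructed_resolver(*ips):
    """Constructed stand-in for socket.getaddrinfo so the example runs offline."""
    return lambda host, port, proto=0: [(2, 1, 6, "", (ip, port)) for ip in ips]
```

Note that the check alone is not enough if the HTTP client follows redirects: the fetch helper must either disable redirects or re-run this validation on every Location it is about to follow.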