TryHackMe - MD2PDF
Hello Hacker! TopTierConversions LTD is proud to announce its latest and greatest product launch 'MD2PDF'. This easy-to-use utility converts markdown files to PDF and is totally secure! Right...?
https://tryhackme.com/room/md2pdf
Reconnaissance
First, recon the website and look at which ports are open. I can see there are three open ports:
Check every port; on port 5000 we can see that port 80 and port 5000 look the same.
Directory Fuzzing
Let's fuzz the website.
Looks like we got some hidden info. Let's access it. It says: only localhost can access it.
Verdict
So we can't access the localhost. Let's try some other way. After some research, I found an article here. So, basically, I need to do SSRF.
Approach
I tried some basic ways like the img tag, but that failed. Then I tried XSS with JavaScript but couldn't get it to work. Finally, I tried the <iframe> tag and it worked.

Conclusion
When a service is developed, it needs to sanitize user inputs; otherwise a simple injection can break the system.
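
One way to apply the sanitization described above, as an added example (not part of the original write-up or the room's own code): an allowlist filter run on the HTML produced from the markdown, before it reaches the PDF renderer. It assumes the converter renders markdown to HTML first; the function name, the tag list and the sample input are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Formatting-only tags that survive; every other tag (iframe, img, script,
# object, link, ...) is dropped so the renderer has nothing to fetch.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "code", "pre", "ul", "ol",
                "li", "h1", "h2", "h3", "blockquote"}


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []      # sanitized output fragments
        self.blocked = []  # tags that were removed, kept for logging/alerting

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # attributes are never copied over
        else:
            self.blocked.append(tag)

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))    # text is re-escaped, never trusted


def sanitize_rendered_html(rendered_html):
    """Return (clean_html, blocked_tags) for HTML rendered from user markdown."""
    parser = AllowlistSanitizer()
    parser.feed(rendered_html)
    parser.close()
    return "".join(parser.out), parser.blocked


# Constructed sample: HTML as it might look after the markdown step.
SAMPLE = ('<h1>Report</h1><p onclick="x()">Total: <b>3</b> &amp; done</p>'
          '<iframe src="http://localhost/placeholder"></iframe>'
          '<img src="http://localhost/placeholder">')

if __name__ == "__main__":
    clean, blocked = sanitize_rendered_html(SAMPLE)
    print(clean)
    print("blocked tags:", blocked)
```

Sanitizing after the markdown step also catches markdown image syntax, which only becomes an img tag once rendered. Logging the blocked tags gives the service a signal when someone submits embedded-content tags.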
