{"id":10393,"date":"2026-02-04T21:08:27","date_gmt":"2026-02-04T19:08:27","guid":{"rendered":"https:\/\/the-s-unit.nl\/?p=10393"},"modified":"2026-02-05T11:22:44","modified_gmt":"2026-02-05T09:22:44","slug":"pdf-generatie-als-aanvalspad-naar-server-secrets","status":"publish","type":"post","link":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/","title":{"rendered":"PDF generation as an attack path to server secrets"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"10393\" class=\"elementor elementor-10393\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5965255 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5965255\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3b0d935\" data-id=\"3b0d935\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c4704a9 elementor-widget elementor-widget-heading\" data-id=\"c4704a9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><a href=\"https:\/\/the-s-unit.nl\/en\/consultancy\/trends-nieuws-inzicht\/\">What The Hack<\/a><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1efc667 elementor-widget elementor-widget-heading\" data-id=\"1efc667\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">PDF generation as an attack vector: from input field to server secrets<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b3ab7c3 elementor-widget elementor-widget-image\" data-id=\"b3ab7c3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"800\" height=\"450\" src=\"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/02\/PDF-generator-3-1024x576.png\" class=\"attachment-large size-large wp-image-10395\" alt=\"PDF-generatie als aanvalspad naar server secrets\" srcset=\"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/02\/PDF-generator-3-1024x576.png 1024w, https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/02\/PDF-generator-3-300x169.png 300w, https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/02\/PDF-generator-3-768x432.png 768w, https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/02\/PDF-generator-3-1536x864.png 1536w, https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/02\/PDF-generator-3-2048x1152.png 2048w, https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/02\/PDF-generator-3-18x10.png 18w, https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/02\/PDF-generator-3-600x338.png 600w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7cbedaf elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"7cbedaf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>In What the Hack, Wesley, an ethical hacker at The S-Unit, shares a real-world example from an anonymous penetration test. A vulnerability in a PDF generator opened the door to sensitive server data.<\/strong><\/p><p><strong>How could this vulnerability be exploited, and what can you as a developer do to close off this attack path?<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-bdbac21 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"bdbac21\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8fc30ef\" data-id=\"8fc30ef\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-405b401 elementor-widget__width-initial elementor-widget elementor-widget-heading\" data-id=\"405b401\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">First contact: PDF generator with potential<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-35f3efb elementor-widget elementor-widget-spacer\" data-id=\"35f3efb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5e418df elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"5e418df\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>With a few well-established security principles in mind, I started a penetration test on an application handling highly sensitive and private personal data. My first step was to explore the application, understand the developers\u2019 intent, and identify where design choices might unintentionally allow exploitation.<\/p>\n<p>The application enabled users to complete questionnaires, share meeting notes between two trusted parties, and generate PDF reports. When I noticed that last feature, it immediately caught my attention. PDF generation often expands the attack surface, so I decided to take a closer look. I tested all input fields to see whether I could visibly inject HTML into the generated PDF.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f206463 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f206463\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8b71385\" data-id=\"8b71385\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c569f1d elementor-widget__width-initial elementor-widget elementor-widget-heading\" data-id=\"c569f1d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Jackpot: improper user sanitization<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1603f02 elementor-widget elementor-widget-spacer\" data-id=\"1603f02\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-852bb26 elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"852bb26\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"translation-block\">Jackpot! When reviewing the questionnaire responses, one thing immediately stood out: the input was not sanitized. My test payload appeared in bold in the PDF without any issues. I conduct much of my testing using PortSwigger\u2019s Burp Suite, a powerful tool for uncovering the inner workings of a web application. This was already a clear finding\u2014but I continued to make the real impact visible.<\/p>\n<p><strong>We\u2019re getting somewhere!<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-353cd74 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"353cd74\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ceb6835\" data-id=\"ceb6835\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a0caed3 elementor-widget elementor-widget-heading\" data-id=\"a0caed3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Digging deeper: escalation through unknown functionality <\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c675405 elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"c675405\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Public libraries speed up development, but sometimes introduce unnoticed attack paths. The PDF generator used by the client turned out to be extensively documented. Its accompanying wiki clearly described the available features, quickly revealing the library\u2019s capabilities, even while the application itself was still largely unexplored.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4f6c20c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4f6c20c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d067269\" data-id=\"d067269\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f252696 elementor-widget elementor-widget-heading\" data-id=\"f252696\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Local file read via PDF-generation<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c6c6923 elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"c6c6923\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In the documentation of the PDF generator, I discovered a feature that allowed attachments to be added to a generated PDF. This functionality enabled references to local files via a file:\/\/ handler. To gain more insight into the underlying system, I attempted to read a well-known Linux file with general read permissions using the right payload. Sure enough, after generating the PDF, the file was attached. The resulting document contained a copy of the server\u2019s password file as an attachment.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-39a8aaf elementor-widget elementor-widget-heading\" data-id=\"39a8aaf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">A turning point in the investigation<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4c84a9e elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"4c84a9e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This marked a clear turning point in the investigation. With read access to local files, I could immediately examine the configuration of the server running the PDF generator. The password file already provided an initial indication of the users and the privileges under which the process was running. This raised the next set of questions: what exact privileges did this process have, and what additional information became accessible now that I could read files?<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-13a43ec elementor-widget elementor-widget-heading\" data-id=\"13a43ec\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">All the juicy stuff! (principle of least privileges)<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f2c28a7 elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"f2c28a7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Development teams often store sensitive information such as secrets, keys, and passwords in environment variables. The process responsible for generating PDFs turned out to be running as root, which gave me read access to environ, where these variables are stored. Because the PDF generator process was granted overly broad privileges, this provided insight into credentials for, among other things, Keycloak, databases, Amazon S3 buckets, and multiple internal systems.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0a800c5 elementor-widget elementor-widget-heading\" data-id=\"0a800c5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Lessons learned: where do you close off this attack path?<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-554be71 elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"554be71\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>How can you prevent this attack? With a few targeted decisions, this attack path could have been closed off early on.<\/p><ul><li><strong>Limit the scope of user input<\/strong><br \/>Ensure that input does not gain special or executable meaning within the context in which it is processed, such as PDF generation.<\/li><li><strong>Be critical of third-party libraries<\/strong><br \/>Review which functionality a library includes and disable any components you do not explicitly need.<\/li><li><strong>Apply the principle of least privilege consistently<\/strong><br \/>Grant processes and services access only to the data and functionality that are strictly necessary.<\/li><li><strong>Isolate supporting components<\/strong><br \/>A PDF generator, for example, does not need access to the local file system. By blocking this access, you reduce the risk that a single flaw directly results in a data breach.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-28646ad elementor-widget elementor-widget-spacer\" data-id=\"28646ad\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-aee0212 elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"aee0212\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Looking to gain insight into the security of your IT environment? Learn more about our <a href=\"https:\/\/the-s-unit.nl\/en\/pentesting\/\">Pentesting<\/a> and <a href=\"https:\/\/the-s-unit.nl\/en\/red-teaming\/\">Red teaming<\/a><\/strong><a href=\"https:\/\/the-s-unit.nl\/en\/red-teaming\/\">\u00a0<\/a><strong>services.<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-50d4d15 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"50d4d15\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8dc170a\" data-id=\"8dc170a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-28a8e99 elementor-widget elementor-widget-spacer\" data-id=\"28a8e99\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Mendix is a leading low-code platform that enables organizations to rapidly develop, integrate, and scale applications efficiently.<\/p>","protected":false},"author":17,"featured_media":10395,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"elementor_header_footer","format":"standard","meta":{"footnotes":""},"categories":[75],"tags":[],"class_list":["post-10393","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-what-the-hack"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.9 - aioseo.com -->\n\t<meta name=\"description\" content=\"Mendix is een toonaangevend low-code platform waarmee organisaties snel en effici\u00ebnt applicaties kunnen ontwikkelen, integreren en schalen.\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Laurien Schimmer\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.9\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_GB\" \/>\n\t\t<meta property=\"og:site_name\" content=\"The S-Unit \u2013 Your Security Companion\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"PDF-generatie als aanvalspad naar server secrets \u2013 The S-Unit\" \/>\n\t\t<meta property=\"og:description\" content=\"Mendix is een toonaangevend low-code platform waarmee organisaties snel en effici\u00ebnt applicaties kunnen ontwikkelen, integreren en schalen.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/logo-simple.svg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/logo-simple.svg\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2026-02-04T19:08:27+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2026-02-05T09:22:44+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"PDF-generatie als aanvalspad naar server secrets \u2013 The S-Unit\" \/>\n\t\t<meta name=\"twitter:description\" content=\"Mendix is een toonaangevend low-code platform waarmee organisaties snel en effici\u00ebnt applicaties kunnen ontwikkelen, integreren en schalen.\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/logo-simple.svg\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/pdf-generatie-als-aanvalspad-naar-server-secrets\\\/#blogposting\",\"name\":\"PDF-generatie als aanvalspad naar server secrets \\u2013 The S-Unit\",\"headline\":\"PDF-generatie als aanvalspad naar server secrets\",\"author\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/author\\\/laurien\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/the-s-unit.nl\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/PDF-generator-3.png\",\"width\":2240,\"height\":1260,\"caption\":\"PDF-generatie als aanvalspad naar server secrets\"},\"datePublished\":\"2026-02-04T21:08:27+02:00\",\"dateModified\":\"2026-02-05T11:22:44+02:00\",\"inLanguage\":\"en-GB\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/pdf-generatie-als-aanvalspad-naar-server-secrets\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/pdf-generatie-als-aanvalspad-naar-server-secrets\\\/#webpage\"},\"articleSection\":\"What The Hack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/pdf-generatie-als-aanvalspad-naar-server-secrets\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/the-s-unit.nl\\\/en\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/category\\\/what-the-hack\\\/#listItem\",\"name\":\"What The Hack\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/category\\\/what-the-hack\\\/#listItem\",\"position\":2,\"name\":\"What The Hack\",\"item\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/category\\\/what-the-hack\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/pdf-generatie-als-aanvalspad-naar-server-secrets\\\/#listItem\",\"name\":\"PDF-generatie als aanvalspad naar server secrets\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/pdf-generatie-als-aanvalspad-naar-server-secrets\\\/#listItem\",\"position\":3,\"name\":\"PDF-generatie als aanvalspad naar server secrets\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/category\\\/what-the-hack\\\/#listItem\",\"name\":\"What The Hack\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/#organization\",\"name\":\"The S-Unit\",\"description\":\"Your Security Companion\",\"url\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/\",\"telephone\":\"+31302074177\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"\\\/\\\/the-s-unit.nl\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/logo-simple.svg\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/pdf-generatie-als-aanvalspad-naar-server-secrets\\\/#organizationLogo\"},\"image\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/pdf-generatie-als-aanvalspad-naar-server-secrets\\\/#organizationLogo\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/the-s-unit\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/author\\\/laurien\\\/#author\",\"url\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/author\\\/laurien\\\/\",\"name\":\"Laurien Schimmer\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/pdf-generatie-als-aanvalspad-naar-server-secrets\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f35425fc55fe910c300fc6f4b03fab7c4539640b250e2c10b8a769da44bda6cd?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"Laurien Schimmer\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/pdf-generatie-als-aanvalspad-naar-server-secrets\\\/#webpage\",\"url\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/pdf-generatie-als-aanvalspad-naar-server-secrets\\\/\",\"name\":\"PDF-generatie als aanvalspad naar server secrets \\u2013 The S-Unit\",\"description\":\"Mendix is een toonaangevend low-code platform waarmee organisaties snel en effici\\u00ebnt applicaties kunnen ontwikkelen, integreren en schalen.\",\"inLanguage\":\"en-GB\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/pdf-generatie-als-aanvalspad-naar-server-secrets\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/author\\\/laurien\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/author\\\/laurien\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/the-s-unit.nl\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/PDF-generator-3.png\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/pdf-generatie-als-aanvalspad-naar-server-secrets\\\/#mainImage\",\"width\":2240,\"height\":1260,\"caption\":\"PDF-generatie als aanvalspad naar server secrets\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/pdf-generatie-als-aanvalspad-naar-server-secrets\\\/#mainImage\"},\"datePublished\":\"2026-02-04T21:08:27+02:00\",\"dateModified\":\"2026-02-05T11:22:44+02:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/\",\"name\":\"The S-Unit\",\"description\":\"Your Security Companion\",\"inLanguage\":\"en-GB\",\"publisher\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"PDF-generatie als aanvalspad naar server secrets \u2013 The S-Unit","description":"Mendix is a leading low-code platform that enables organizations to rapidly develop, integrate, and scale applications efficiently.","canonical_url":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/#blogposting","name":"PDF-generatie als aanvalspad naar server secrets \u2013 The S-Unit","headline":"PDF-generatie als aanvalspad naar server secrets","author":{"@id":"https:\/\/the-s-unit.nl\/en\/author\/laurien\/#author"},"publisher":{"@id":"https:\/\/the-s-unit.nl\/en\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/02\/PDF-generator-3.png","width":2240,"height":1260,"caption":"PDF-generatie als aanvalspad naar server secrets"},"datePublished":"2026-02-04T21:08:27+02:00","dateModified":"2026-02-05T11:22:44+02:00","inLanguage":"en-GB","mainEntityOfPage":{"@id":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/#webpage"},"isPartOf":{"@id":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/#webpage"},"articleSection":"What The Hack"},{"@type":"BreadcrumbList","@id":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/the-s-unit.nl\/en#listItem","position":1,"name":"Home","item":"https:\/\/the-s-unit.nl\/en","nextItem":{"@type":"ListItem","@id":"https:\/\/the-s-unit.nl\/en\/category\/what-the-hack\/#listItem","name":"What The Hack"}},{"@type":"ListItem","@id":"https:\/\/the-s-unit.nl\/en\/category\/what-the-hack\/#listItem","position":2,"name":"What The Hack","item":"https:\/\/the-s-unit.nl\/en\/category\/what-the-hack\/","nextItem":{"@type":"ListItem","@id":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/#listItem","name":"PDF-generatie als aanvalspad naar server secrets"},"previousItem":{"@type":"ListItem","@id":"https:\/\/the-s-unit.nl\/en#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/#listItem","position":3,"name":"PDF-generatie als aanvalspad naar server secrets","previousItem":{"@type":"ListItem","@id":"https:\/\/the-s-unit.nl\/en\/category\/what-the-hack\/#listItem","name":"What The Hack"}}]},{"@type":"Organization","@id":"https:\/\/the-s-unit.nl\/en\/#organization","name":"The S-Unit","description":"Your Security Companion","url":"https:\/\/the-s-unit.nl\/en\/","telephone":"+31302074177","logo":{"@type":"ImageObject","url":"\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/logo-simple.svg","@id":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/#organizationLogo"},"image":{"@id":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/#organizationLogo"},"sameAs":["https:\/\/www.linkedin.com\/company\/the-s-unit"]},{"@type":"Person","@id":"https:\/\/the-s-unit.nl\/en\/author\/laurien\/#author","url":"https:\/\/the-s-unit.nl\/en\/author\/laurien\/","name":"Laurien Schimmer","image":{"@type":"ImageObject","@id":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/f35425fc55fe910c300fc6f4b03fab7c4539640b250e2c10b8a769da44bda6cd?s=96&d=mm&r=g","width":96,"height":96,"caption":"Laurien Schimmer"}},{"@type":"WebPage","@id":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/#webpage","url":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/","name":"PDF-generatie als aanvalspad naar server secrets \u2013 The S-Unit","description":"Mendix is een toonaangevend low-code platform waarmee organisaties snel en effici\u00ebnt applicaties kunnen ontwikkelen, integreren en schalen.","inLanguage":"en-GB","isPartOf":{"@id":"https:\/\/the-s-unit.nl\/en\/#website"},"breadcrumb":{"@id":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/#breadcrumblist"},"author":{"@id":"https:\/\/the-s-unit.nl\/en\/author\/laurien\/#author"},"creator":{"@id":"https:\/\/the-s-unit.nl\/en\/author\/laurien\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/02\/PDF-generator-3.png","@id":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/#mainImage","width":2240,"height":1260,"caption":"PDF-generatie als aanvalspad naar server secrets"},"primaryImageOfPage":{"@id":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/#mainImage"},"datePublished":"2026-02-04T21:08:27+02:00","dateModified":"2026-02-05T11:22:44+02:00"},{"@type":"WebSite","@id":"https:\/\/the-s-unit.nl\/en\/#website","url":"https:\/\/the-s-unit.nl\/en\/","name":"The S-Unit","description":"Your Security Companion","inLanguage":"en-GB","publisher":{"@id":"https:\/\/the-s-unit.nl\/en\/#organization"}}]},"og:locale":"en_GB","og:site_name":"The S-Unit \u2013 Your Security Companion","og:type":"article","og:title":"PDF-generatie als aanvalspad naar server secrets \u2013 The S-Unit","og:description":"Mendix is een toonaangevend low-code platform waarmee organisaties snel en effici\u00ebnt applicaties kunnen ontwikkelen, integreren en schalen.","og:url":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/","og:image":"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/logo-simple.svg","og:image:secure_url":"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/logo-simple.svg","article:published_time":"2026-02-04T19:08:27+00:00","article:modified_time":"2026-02-05T09:22:44+00:00","twitter:card":"summary_large_image","twitter:title":"PDF-generatie als aanvalspad naar server secrets \u2013 The S-Unit","twitter:description":"Mendix is een toonaangevend low-code platform waarmee organisaties snel en effici\u00ebnt applicaties kunnen ontwikkelen, integreren en schalen.","twitter:image":"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/logo-simple.svg"},"aioseo_meta_data":{"post_id":"10393","title":null,"description":null,"keywords":null,"keyphrases":{"focus":{"keyphrase":"PDF-generatie","score":82,"analysis":{"keyphraseInTitle":{"score":9,"maxScore":9,"error":0},"keyphraseInDescription":{"score":3,"maxScore":9,"error":1},"keyphraseLength":{"score":9,"maxScore":9,"error":0,"length":1},"keyphraseInURL":{"score":5,"maxScore":5,"error":0},"keyphraseInIntroduction":{"score":3,"maxScore":9,"error":1},"keyphraseInSubHeadings":{"score":9,"maxScore":9,"error":0},"keyphraseInImageAlt":{"score":9,"maxScore":9,"error":0},"keywordDensity":{"type":"best","score":9,"maxScore":9,"error":0}}},"additional":[]},"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"BlogPosting","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":{"faqs":[],"keyPoints":[],"titles":[],"descriptions":[],"socialPosts":{"email":[],"linkedin":[],"twitter":[],"facebook":[],"instagram":[]}},"created":"2026-02-04 16:11:32","updated":"2026-02-05 09:31:32","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/the-s-unit.nl\/en\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/the-s-unit.nl\/en\/category\/what-the-hack\/\" title=\"What The Hack\">What The Hack<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tPDF-generatie als aanvalspad naar server secrets\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/the-s-unit.nl\/en"},{"label":"What The Hack","link":"https:\/\/the-s-unit.nl\/en\/category\/what-the-hack\/"},{"label":"PDF-generatie als aanvalspad naar server secrets","link":"https:\/\/the-s-unit.nl\/en\/pdf-generatie-als-aanvalspad-naar-server-secrets\/"}],"jetpack_featured_media_url":"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/02\/PDF-generator-3.png","_links":{"self":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/posts\/10393","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/comments?post=10393"}],"version-history":[{"count":20,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/posts\/10393\/revisions"}],"predecessor-version":[{"id":10415,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/posts\/10393\/revisions\/10415"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/media\/10395"}],"wp:attachment":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/media?parent=10393"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/categories?post=10393"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/tags?post=10393"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}