Modern web applications often provide features like PDF generation to enhance user experience, but these functionalities can inadvertently introduce critical vulnerabilities when improperly secured. During a recent penetration test, we identified a severe HTML injection vulnerability in the PDF file generation feature of two separate applications. Exploiting this weakness, we demonstrated the potential to perform Server-Side Request Forgery (SSRF) attacks, enabling access to internal files and sensitive application source code. This session provides a detailed, real-world example of how a seemingly minor vulnerability can have catastrophic consequences. It emphasizes the importance of secure development practices, robust cloud configurations, and proactive vulnerability mitigation. Attendees will walk away with practical strategies to strengthen their security posture, making this talk both educational and actionable.