#!/bin/sh

set -e

test -f www/images/favicon.png
cp www/images/favicon.png .

( sed "s,@PWD@,$PWD,g" | tee vuln.php) <<'EOF'
<?php
error_reporting(E_ALL);
// Include autoloader
include_once( 'dompdf/dompdf_config.inc.php' );
$dompdf = new DOMPDF();

// Include vulnerable objects
include("phar-poc.php");

$dompdf->set_option('enable_remote', true);
$dompdf->set_option('chroot', '@PWD@');

// Load HTML content 
$dompdf->load_html('<!DOCTYPE html>
<html lang="fr">
<head>
<title>Page de Test HTML – dompdf, un outil puissant pour convertir de l’HTML vers PDF en PHP</title>
</head>

<body>
<p>
Cette page <em>HTML</em> va être convertie à l’aide de <em>dompdf</em> en <em>PDF</em>
</p>
<img src="favicon.png">
</body>
</html>'); 

 
// Render the HTML as PDF 
$dompdf->render(); 
 
// Output the generated PDF to Browser 
$p=base64_encode($dompdf->output());
echo "$p";
?>
EOF
php vuln.php


exit 0

