#!/bin/sh

set -e

test -f www/images/favicon.png
cp www/images/favicon.png .

( sed "s,@PWD@,$PWD,g" | tee vuln.php) <<'EOF'
<?php
error_reporting(E_ALL);
// Include autoloader
include_once( 'dompdf/dompdf_config.inc.php' );
$dompdf = new DOMPDF();
$dompdf->set_option('enable_html5_parser', TRUE);

// Include vulnerable objects
include("phar-poc.php");

$dompdf->set_option('enable_remote', true);
$dompdf->set_option('chroot', '@PWD@');

// Load HTML content 
$dompdf->load_html('<!DOCTYPE html>
<html lang="fr">
<head><title>Page de Test HTML – dompdf, un outil puissant pour convertir de l’HTML vers PDF en PHP</title></head>
<body><p>Cette page <em>HTML</em> va être convertie à l’aide de <em>dompdf</em> en <em>PDF</em></p>
<p><img src="favicon.png"> </p>
</body></html>'); 

// Render the HTML as PDF 
$dompdf->render(); 
 
// Output the generated PDF to Browser 
$p=base64_encode($dompdf->output());
echo "$p";
?>
EOF
php vuln.php


exit 0

