Pentest mPDF read any file and meta-git RCE to root
Situation: School Admin Panel with Pdf download option using mpdf. logged in as admin with sql injection bypass ‘or 1=’1’#. Using Burp Suite checking the request Decrypting it using base64…