Kwelwild Posted February 23, 2013 Report Posted February 23, 2013 Description: In this video i will show you how to exploit PHP-CGI Vulnerability (CVE-2012-1823 ) using Metasploit Framework.Vulnerable ISO : - https://www.pentesterlab.com/cve-2012-1823/cve-2012-1823.isoThis exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution.PDF : - https://www.pentesterlab.com/cve-2012-1823/cve-2012-1823.pdfThe bugThe bug is due to an error on how the URI is used and provided to PHP CGI when a URL lacks = sign (typically used to separate parameter's name and value. Basically, the URI is passed to the php-cgi binary without enough filtering or encoding allowing an attacker to pass extra-argument to php-cgi command line.Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.Original Source: Metasploit Exploiting Cve-2012-1823 Quote
