Posted on Leave a comment

Exploiting PHP utility belt remote code execution vulnerability

Good evening friends. Today we will see how to exploit PHP utility belt remote code execution vulnerability. All the credit for this exploit goes to one “WICS” of exploit-db.com. The exploit is shown below. Here in this howto, I will just show you how to use this exploit. For those guys who don’t know what PHP Utiltiy belt is, it is PHP utility belt is a ” set of tools for PHP developers. We can just install it in a browser-accessible directory and have at it.”

Here is video version of this howto. If you want textual version scroll down.

This is how php utility belt can be set up as shown below.

Before we try our exploit, let’s try to access a file known as “info.php” through the url as shown below. You will get an error as shown below.

Now enter the given PHP code as shown below and hit on “Run”. This is our remote command execution exploit.

Now once again try to access the file you tried to access above. you should get the file listed as shown below. Hence we successfully did a remote command execution.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.