2014. 11. 8. 21:45
http://webcache.googleusercontent.com/search?q=cache:nkjOOvPZjPcJ:securitysucks.info/exploit-phps-mail-to-get-remote-code-execution/+&cd=1&hl=en&ct=clnk&gl=us



With that said, let’s just dive into it!

This is the code for exploiting the mail() function

Let’s inspect the logs from this. First let’s have a look at what we can see in the browser by only going to the rce.php file

Nothing really scary to see in this log. Now, let’s use the catcommand in the terminal on the same file

See anything a bit more interesting? Let’s try to execute some commands.

I visit http://localhost/rce.php?cmd=ls%20-la and get the following output

Now, let me break it down in case you don’t fully understand the code

Posted by k1rha