ECN>> Exploits>> 返回
项目作者: DoctorHackerAbertay

项目描述 :
PHP Application RCE exploits
高级语言: Python
项目地址: git://github.com/DoctorHackerAbertay/Exploits.git
创建时间: 2019-08-03T18:12:07Z
项目社区:https://github.com/DoctorHackerAbertay/Exploits
开源协议:
下载


Exploits

PHP App exploits for educational purposes only. It is illegal to use these exploits against a website you do not own.

Some Python exploits for vulnerable PHP apps that were downloaded from exploit-db.com. The exploits gain a command shell.

  1. AROX SCHOOL-ERP PRO: PHP Charts allows charts and graphs to be drawn easily.
    Arox school pro is a simple PHP and MySQL based School manager.
    Reference: https://www.exploit-db.com/exploits/46999

  2. MY LITTLE FORUM 2.3.5
    My little forum is a simple PHP and MySQL based internet forum that displays the messages in classical threaded view (tree structure). The main claim of this web forum is simplicity.
    Reference: https://www.exploit-db.com/exploits/40021

  3. PHP CHARTS v 1.0
    PHP Charts allows charts and graphs to be drawn easily.
    Reference: https://www.exploit-db.com/exploits/26453

  4. WEBSPELL 4.01.02
    webSPELL is a free Content Management System which was especially developed for the needs of esport related communities.
    Reference: https://www.exploit-db.com/exploits/3402

  5. PPIM 1.0.1
    pPIM is a Personal Information Management application written in PHP that can store contacts (including their photos), events, links, notes, send and check email, and upload files.

Read the Python code for any further details. E.g. create a user? You will also have to edit the IP address. If the exploit is successful then you will get a command shell.

alt text

Doctor_Hacker@twitter