php utility belt

All posts tagged php utility belt

Good evening friends. Today we will see how to exploit PHP utility belt remote code execution vulnerability. All the credit for this exploit goes to one “WICS” of exploit-db.com. The exploit is shown below. Here in this howto, I will just show you how to use this exploit. For those guys who don’t know what PHP Utiltiy belt is, it is¬†PHP utility belt is a ” set of tools for PHP developers. We can just install it in a browser-accessible directory and have at it.”

util_m1

Here is video version of this howto. If you want textual version scroll down.

This is how php utility belt can be set up as shown below.

util_m2

Before we try our exploit, let’s try to access a file known as “info.php” through the url as shown below. You will get an error as shown below.

util_m2a

Now enter the given PHP code as shown below and hit on “Run”. This is our remote command execution exploit.

util_m3

Now once again try to access the file you tried to access above. you should get the file listed as shown below. Hence we successfully did a remote command execution.

util_m4