PHP Utility Belt是一款为PHP程序开发人员使用的一套工具集,可以用来测试正则表达式并且观察与preg_match和preg_match_all函数的匹配,观察preg_replate函数的结果;获得包含两个单词两个数字一个大写字母和一个符号的随机密码;序列化与反序列化;测试mktime和strtotime时间戳的日期格式或者一个数字型时间戳;在主页外运行任意PHP代码。
由于它能够执行任意的PHP代码,因此只能在测试环境下使用,绝不能产品环境下运行。
此漏洞的漏洞编号为EDB-ID:39554
源代码下载地址为: https://github.com/mboynes/php-utility-belt
搭建实验环境,其中靶机的IP地址为192.168.248.129,攻击机的IP地址为192.168.248.128
下图为PHP Utility Belt搭建完之后的运行情况。
针对此漏洞metasploit已经给出了一个漏洞利用代码,路径为
exploit/multi/http/php_utility_belt_rce
在攻击机上运行此攻击脚本
随后设置payload
接下来设置相应的选项
最后执行exploit命令,开始攻击
可见得到了meterpreter的shell,说明攻击是成功的。
对整个过程抓数据包,如下
其中POST传递的参数为名为code,所有的攻击代码都在这个变量中,接下来看一下漏洞所在的文件ajax.php,问题出在第10行至第15行这部分代码段
可见程序先判断code参数是否设置,如果已经被设置的话,直接放到了eval函数中执行,eval函数的作用是把输入参数的内容作为php代码执行,而在上述代码中并没有对用户所传入的内容进行过滤,也就是说攻击者在code中给出的值只要符合php代码的语法规范就会被无条件执行,这是一个典型的eval注入。
上述代码如果在测试环境下,可以方便程序员的工作,但是放在产品环境下就很危险。
* navyofficer 投递,转载请注明来自FreeBuf黑客与极客(FreeBuf.COM)
PHP Email: Step-by-Step Sending GuideMay 09, 2025 am 12:14 AMPHPisusedforsendingemailsduetoitsintegrationwithservermailservicesandexternalSMTPproviders,automatingnotificationsandmarketingcampaigns.1)SetupyourPHPenvironmentwithawebserverandPHP,ensuringthemailfunctionisenabled.2)UseabasicscriptwithPHP'smailfunct
How to Send Email via PHP: Examples & CodeMay 09, 2025 am 12:13 AMThe best way to send emails is to use the PHPMailer library. 1) Using the mail() function is simple but unreliable, which may cause emails to enter spam or cannot be delivered. 2) PHPMailer provides better control and reliability, and supports HTML mail, attachments and SMTP authentication. 3) Make sure SMTP settings are configured correctly and encryption (such as STARTTLS or SSL/TLS) is used to enhance security. 4) For large amounts of emails, consider using a mail queue system to optimize performance.
Advanced PHP Email: Custom Headers & FeaturesMay 09, 2025 am 12:13 AMCustomheadersandadvancedfeaturesinPHPemailenhancefunctionalityandreliability.1)Customheadersaddmetadatafortrackingandcategorization.2)HTMLemailsallowformattingandinteractivity.3)AttachmentscanbesentusinglibrarieslikePHPMailer.4)SMTPauthenticationimpr
Guide to Sending Emails with PHP & SMTPMay 09, 2025 am 12:06 AMSending mail using PHP and SMTP can be achieved through the PHPMailer library. 1) Install and configure PHPMailer, 2) Set SMTP server details, 3) Define the email content, 4) Send emails and handle errors. Use this method to ensure the reliability and security of emails.
What is the best way to send an email using PHP?May 08, 2025 am 12:21 AMThebestapproachforsendingemailsinPHPisusingthePHPMailerlibraryduetoitsreliability,featurerichness,andeaseofuse.PHPMailersupportsSMTP,providesdetailederrorhandling,allowssendingHTMLandplaintextemails,supportsattachments,andenhancessecurity.Foroptimalu
Best Practices for Dependency Injection in PHPMay 08, 2025 am 12:21 AMThe reason for using Dependency Injection (DI) is that it promotes loose coupling, testability, and maintainability of the code. 1) Use constructor to inject dependencies, 2) Avoid using service locators, 3) Use dependency injection containers to manage dependencies, 4) Improve testability through injecting dependencies, 5) Avoid over-injection dependencies, 6) Consider the impact of DI on performance.
PHP performance tuning tips and tricksMay 08, 2025 am 12:20 AMPHPperformancetuningiscrucialbecauseitenhancesspeedandefficiency,whicharevitalforwebapplications.1)CachingwithAPCureducesdatabaseloadandimprovesresponsetimes.2)Optimizingdatabasequeriesbyselectingnecessarycolumnsandusingindexingspeedsupdataretrieval.
PHP Email Security: Best Practices for Sending EmailsMay 08, 2025 am 12:16 AMThebestpracticesforsendingemailssecurelyinPHPinclude:1)UsingsecureconfigurationswithSMTPandSTARTTLSencryption,2)Validatingandsanitizinginputstopreventinjectionattacks,3)EncryptingsensitivedatawithinemailsusingOpenSSL,4)Properlyhandlingemailheaderstoa
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
SublimeText3 English version
Recommended: Win version, supports code prompts!
Atom editor mac version download
The most popular open source editor
Notepad++7.3.1
Easy-to-use and free code editor
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
