Open rudram4 opened 1 year ago
D3Ext
commented
1 year ago I've tested the exploit with a HackTheBox machine on the same network so I don't know if it will work using your VPS ip, however take a look at the exploit source code, it approach a PHP vulnerability to execute commands via eval function.
It may not work because the exploit also uses the 9000 port
rudram4
commented
1 year ago So you have any idea how can I exploit it further in any way, Like if i am just going to report without any confirm rce, i would get nothing, I am naive to this
On Sun, May 14, 2023, 10:51 PM D3Ext @.***> wrote:
I've tested the exploit with a HackTheBox machine on the same network so I don't know if it will work using your VPS ip, however take a look at the exploit source code, it approach a PHP vulnerability to execute commands via eval function. It may not work because the exploit also uses the 9000 port
— Reply to this email directly, view it on GitHub https://github.com/D3Ext/XDEBUG-Exploit/issues/1#issuecomment-1546952326, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJSJONLPQKBGIN6FSNKVLWTXGEIBTANCNFSM6AAAAAAYAVBBPE . You are receiving this because you authored the thread.Message ID: @.***>
blackcodersec
commented
1 year ago @D3Ext you have any idea how can I exploit it further in any way?
D3Ext
commented
1 year ago I haven't tested it but if you pass your VPS address to lhost parameter it should work, anyway take a look at source code.
my vps address,
also nuclei is showing this is vulnerable, but i am not receiving anything back, what might be the issue