Change terminal command input to any php code input in FastCGI exploit.

tarunkant / Gopherus

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

MIT License

2.83k stars 369 forks source link

Change terminal command input to any php code input in FastCGI exploit. #15

Open viniciuspereiras opened 3 years ago

viniciuspereiras commented 3 years ago

I changed the code so the user can send any payload (code) in php, since in some cases the system function is blocked, it was a simple change to just use len() to calculate the payload size and add it to the die() size , I've already done a PoC.

viniciuspereiras commented 2 years ago

Hello guys, any update?

tarunkant commented 2 years ago

@viniciuspereiras, this is good. Sorry for the late reply, I was super busy. I need to test it before merging.