PHP CGI Remote Code Execution - Low Security Level
Solution:
Step 1. On the lesson page click on admin, a new window will pop up with php details
Step 2. Click on exploit, a new window will pop up with url:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823
Select - URL:http://www.kb.cert.org/vuls/id/520827 and go through the Description
Step 3. Go to the lesson page and reclick on admin, a new window will pop up with php details
Step 4. Replace phpinfo.php with ?-s as shown in the video
Step 5. Add below payloads to the url and check the output
?-dauto_prepend_file%3d/etc/passwd+-n
* Explore the lesson with other exploits (Not covered in this video).
PseudoTime
