Adding PHP Utility Belt Remote Code Execution

[shipcod3]

This module exploits a remote code execution vulnerability in PHP utility Belt which is a set of tools for PHP developers and should not be installed in a production environment because this application runs arbitrary PHP code as an intended functionality.

Vulnerable Application: https://github.com/mboynes/php-utility-belt

[wvu]

What about exploit/unix/webapp/php_eval? That does GET, but it could be refactored to add POST. Feels like this is a generic eval vuln.

[shipcod3]

yeah I do agree that this is a generic one but would it be nice to have a module targeting the said application because of the path being defined. What do you think? Should I just edit exploit/unix/webapp/php_eval?

[wvu]

Nah, it's all good. Let's run with this.

[shipcod3]

Copy man :)

[wvu]

@shipcod3: Just wanna say that your code makes leaps and bounds in improvement with every PR. :)

[shipcod3]

Thanks for the compliment @wvu-r7. You were also a great mentor in improving my code in most of my previous PRs.

[wvu]

Fun software! "PHP goes here," lol.

[wvu]

Some changes here, @shipcod3: 52d12b6. Thanks!

[shipcod3]

@wvu-r7, You're welcome and thanks for the help man. I will apply what I have learned from the changes :)

[OJ]

Nice job. Keep up the good work Jay!

[shipcod3]

@OJ, Thanks man 👍