A slightly modified version of the Mt-Code POC which spawns a full reverse shell rather than a web shell.
This exploit uses the famous PentestMonkey PHP Reverse Shell.
    pip install -r requirements.txt
- Create a user on the application
- Run the following:

      python exploit.py http://{target}/index.php {myuser} {mypassword}

- Open a listener and navigate to the path listed by the exploit.
Disclaimer: I do not take credit for the creation of either of these scripts.
Follow the law.