PHP 5.3.10 Exploit
    /usr/bin/php-cgi /path/to/index.php

The bug occurred in how PHP parsed the query string. If an attacker sent a request without a script name (e.g., http://target.com/?-s), the PHP engine would misinterpret the query string as command-line arguments.
Disclaimer: This post is for educational purposes and authorized security testing only. Exploiting systems you do not own is illegal.
    GET /?-s HTTP/1.1
    Host: vulnerable.com

The server tries to execute:

    /usr/bin/php-cgi /path/to/index
    /usr/bin/php-cgi -s

Because there is no script specified, PHP defaults to showing the source code of the standard input (the HTTP body). By sending a request with ? and -s, the attacker effectively turns the server into a file reader.
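For defenders, a way to find requests of the `?-s` shape described above in web server access logs. This is an added example, not code from the original post; it assumes combined-format log lines, and the function names and sample log entries are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

def query_looks_like_cgi_switch(target: str) -> bool:
    """True if the query string would be read as a php-cgi option.

    A CGI query string with no unencoded '=' is handed to the program as
    command-line arguments, so one that begins with '-' after decoding is
    parsed as a switch such as -s.
    """
    if "?" not in target:
        return False
    query = target.split("?", 1)[1]
    if "=" in query:  # ordinary key=value parameters are not passed as arguments
        return False
    # Normalize before matching: decode percent-escapes and '+', drop leading spaces.
    decoded = unquote(query.replace("+", " ")).lstrip()
    return decoded.startswith("-")

def suspicious_requests(log_lines):
    """Yield (client_ip, target) for log lines whose query is switch-like."""
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and query_looks_like_cgi_switch(m.group("target")):
            yield line.split(" ", 1)[0], m.group("target")

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /?-s HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?id=-1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /search.php?q=-s HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, target in suspicious_requests(SAMPLE_LOG):
        print(f"possible php-cgi switch injection from {ip}: {target}")
```

Only the first sample line is flagged; the entries with `id=-1` and `q=-s` contain an unencoded `=` and are treated as normal parameters.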