Vulnerability & Exploit Database

Back to search

PhpTax pfilez Parameter Exec Remote Code Injection

This module exploits a vulnerability found in PhpTax, an income tax report generator. When generating a PDF, the icondrawpng() function in drawimage.php does not properly handle the pfilez parameter, which will be used in a exec() statement, and then results in arbitrary remote code execution under the context of the web server. Please note: authentication is not required to exploit this vulnerability.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/multi/http/phptax_exec

Authors

  • Jean Pascal Pereira <pereira [at] secbiz.de>
  • sinn3r <sinn3r [at] metasploit.com>

References

Targets

  • PhpTax 0.8

Platforms

  • linux
  • unix

Architectures

  • cmd

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/http/phptax_exec msf exploit(phptax_exec) > show targets ...targets... msf exploit(phptax_exec) > set TARGET <target-id> msf exploit(phptax_exec) > show options ...show and set options... msf exploit(phptax_exec) > exploit