module
PHP Exec, PHP Command Shell, Find Sock
| Disclosed |
|---|
| N/A |
Disclosed
N/A
Description
Execute a PHP payload as an OS command from a Posix-compatible shell.
Spawn a shell on the established connection to
the webserver. Unfortunately, this payload
can leave conspicuous evil-looking entries in the
apache error logs, so it is probably a good idea
to use a bind or reverse shell unless firewalls
prevent them from working. The issue this
payload takes advantage of (CLOEXEC flag not set
on sockets) appears to have been patched on the
Ubuntu version of Apache and may not work on
other Debian-based distributions. Only tested on
Apache but it might work on other web servers
that leak file descriptors to child processes.
Spawn a shell on the established connection to
the webserver. Unfortunately, this payload
can leave conspicuous evil-looking entries in the
apache error logs, so it is probably a good idea
to use a bind or reverse shell unless firewalls
prevent them from working. The issue this
payload takes advantage of (CLOEXEC flag not set
on sockets) appears to have been patched on the
Ubuntu version of Apache and may not work on
other Debian-based distributions. Only tested on
Apache but it might work on other web servers
that leak file descriptors to child processes.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.