/FuckFastcgi

[Tool] Forge PHP FastCGI protocol to RCE with strict disable_functions

Primary LanguagePHP

FuckFastCGI

Description

This is a php script to exploit fastcgi protocol to bypass open_basedir and disable_functions.

It will help you to bypass strict disable_functions to RCE by loading the malicious extension.

Usage

  • set the config of index.php
    • unix socket path / tcp host
    • port
    • extension dir path
    • extension name
    • prepend file
    • ...
  • upload this script and your malicious extension to the target machine
  • enjoy it!