Lighttpd FastCGI Exploit

This module exploits a header overflow vulnerability in the fast_cgi module of lighttpd versions before 1.4.18. The vulnerability allows PHP headers to be modified. The module modifies the SCRIPT_FILENAME PHP header so that arbitrary files are run by the PHP interpreter. It first sends the server a request whose HTTP Referer header contains PHP code, which the lighttpd server writes to its log file. It then uses the vulnerability to search for the lighttpd log file on the web server, executes that log file as a PHP script, and installs a new agent on the server.
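From the defender's side, the log-writing step described above leaves a trace that can be searched for. The following is an added example, not part of the module or of lighttpd: it scans access-log entries for PHP opening tags and goes beyond the Referer case by also checking the request line and User-Agent. The field layout (assumed to be lighttpd's default mod_accesslog format), the name `scan_access_log` and the sample entries are assumptions constructed for illustration.

```python
import re

# Assumed layout (lighttpd mod_accesslog default):
# host vhost user [time] "request" status bytes "referer" "user-agent"
FIELDS = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# With short_open_tag enabled PHP treats any "<?" as an opening tag: flag all.
PHP_TAG = re.compile(r'<\?')


def scan_access_log(lines):
    """Return (line_number, host, field) for every entry carrying a PHP tag."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        if not PHP_TAG.search(line):
            continue
        match = FIELDS.match(line)
        if match is None:
            # Quotes inside logged code break the field layout; the entry is
            # still reported, attributed to the whole line.
            findings.append((number, line.split(" ", 1)[0], "unparsed"))
            continue
        for field in ("request", "referer", "agent"):
            if PHP_TAG.search(match.group(field)):
                findings.append((number, match.group("host"), field))
    return findings


# Constructed sample entries (documentation addresses, harmless tag content)
SAMPLE_LOG = [
    '192.0.2.10 www.example.test - [12/Sep/2007:10:01:22 +0000] "GET / HTTP/1.1" 200 512 "http://www.example.test/" "Mozilla/5.0"',
    '198.51.100.7 www.example.test - [12/Sep/2007:10:02:41 +0000] "GET / HTTP/1.1" 200 512 "<?php echo 1; ?>" "Mozilla/5.0"',
    '198.51.100.7 www.example.test - [12/Sep/2007:10:02:43 +0000] "GET / HTTP/1.1" 200 512 "<?php echo "x"; ?>" "Mozilla/5.0"',
    '203.0.113.5 www.example.test - [12/Sep/2007:10:03:00 +0000] "GET /feed.xml HTTP/1.1" 200 90 "-" "FeedFetcher/1.0"',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

Entries reported as `unparsed` deserve the same attention as field hits, since embedded quotes are what breaks the layout.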