This module exploits the following vulnerability, as described by the CVE database: "The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete." However, this exploit does not use the zend_hash_init technique used by other proof-of-concept codes and research papers, and therefore does not depend on a specific PHP configuration. Notably, it does not require register_globals to be turned on (it is off by default) and will work against any Linux machine running Apache (1 or 2) and PHP (from 4.1.0 to 4.3.7). Successful exploitation of this vulnerability is highly dependent on Apache's and PHP's versions, configurations, and memory usage. This module will successively run 5 different phases: the first 4 phases determine the parameters needed to trigger the memory_limit in an exploitable manner; the 5th and last phase bruteforces the 3 remaining parameters and finally installs an agent.
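From the defender's side, the observable footprint of the approach described above is a burst of PHP memory_limit aborts from one client against one script: every phase has to trigger the memory_limit, and the final phase brute-forces its remaining parameters, so the aborts repeat. The following is an added example, not code from the module or from this page, that scans Apache error_log lines for PHP's "Allowed memory size ... exhausted" fatal, flags clients that produce a burst of them inside a short window, counts worker segfaults as a supporting signal, and checks a PHP version string against the 4.1.0 to 4.3.7 range stated above. The log lines are constructed for the example, and the Apache 1.3-style `[date] [error] [client ip]` prefix is an assumption about the log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample Apache error_log excerpt (not from the original page).
# PHP reports a memory_limit abort as a fatal "Allowed memory size ... exhausted" error.
SAMPLE_LOG = """\
[Mon Jul 12 10:00:01 2004] [error] [client 10.0.0.5] PHP Fatal error:  Allowed memory size of 8388608 bytes exhausted (tried to allocate 1024 bytes) in /var/www/html/index.php on line 3
[Mon Jul 12 10:00:01 2004] [error] [client 10.0.0.5] PHP Fatal error:  Allowed memory size of 8388608 bytes exhausted (tried to allocate 1280 bytes) in /var/www/html/index.php on line 3
[Mon Jul 12 10:00:02 2004] [error] [client 10.0.0.5] PHP Fatal error:  Allowed memory size of 8388608 bytes exhausted (tried to allocate 1536 bytes) in /var/www/html/index.php on line 3
[Mon Jul 12 10:00:02 2004] [notice] child pid 2345 exit signal Segmentation fault (11)
[Mon Jul 12 10:00:03 2004] [error] [client 10.0.0.5] PHP Fatal error:  Allowed memory size of 8388608 bytes exhausted (tried to allocate 1792 bytes) in /var/www/html/index.php on line 3
[Mon Jul 12 10:00:03 2004] [error] [client 10.0.0.5] PHP Fatal error:  Allowed memory size of 8388608 bytes exhausted (tried to allocate 2048 bytes) in /var/www/html/index.php on line 3
[Mon Jul 12 10:05:00 2004] [error] [client 192.168.1.9] PHP Fatal error:  Allowed memory size of 8388608 bytes exhausted (tried to allocate 4194304 bytes) in /var/www/html/report.php on line 88
[Mon Jul 12 10:05:01 2004] [error] [client 192.168.1.9] File does not exist: /var/www/html/favicon.ico
"""

# Assumed Apache 1.3-style error_log prefix followed by PHP's memory_limit message.
ABORT_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"PHP Fatal error:\s+Allowed memory size of (?P<limit>\d+) bytes exhausted "
    r"\(tried to allocate (?P<tried>\d+) bytes\)"
)
TS_FMT = "%a %b %d %H:%M:%S %Y"


def parse_memory_aborts(log_text):
    """Return (timestamp, client_ip, memory_limit, bytes_tried) for each memory_limit abort."""
    events = []
    for line in log_text.splitlines():
        m = ABORT_RE.match(line)
        if not m:
            continue
        events.append((datetime.strptime(m.group("ts"), TS_FMT), m.group("ip"),
                       int(m.group("limit")), int(m.group("tried"))))
    return events


def find_bursts(events, threshold=5, window_seconds=60):
    """Map client IP -> largest number of aborts seen inside any window, for IPs at or over threshold.

    A single legitimate script exhausting memory_limit produces one abort; repeated aborts
    from one client in quick succession are what the phased, brute-forcing behaviour looks like.
    """
    by_ip = defaultdict(list)
    for ts, ip, _limit, _tried in events:
        by_ip[ip].append(ts)
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        best, start = 0, 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


def count_worker_segfaults(log_text):
    """Count Apache child segfault notices; a supporting signal worth correlating with abort bursts."""
    return sum(1 for line in log_text.splitlines() if "exit signal Segmentation fault" in line)


# Range the page gives for this module: PHP 4.1.0 through 4.3.7 inclusive.
MIN_AFFECTED = (4, 1, 0)
MAX_AFFECTED = (4, 3, 7)


def is_vulnerable_version(version):
    """True if a dotted PHP version string falls inside the module's stated range."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return False
    return MIN_AFFECTED <= tuple(int(p) for p in m.groups()) <= MAX_AFFECTED


if __name__ == "__main__":
    aborts = parse_memory_aborts(SAMPLE_LOG)
    print(f"memory_limit aborts: {len(aborts)}")
    for ip, n in find_bursts(aborts, threshold=5, window_seconds=10).items():
        print(f"burst from {ip}: {n} aborts within 10s")
    print(f"worker segfaults: {count_worker_segfaults(SAMPLE_LOG)}")
    for v in ("4.1.0", "4.3.7", "4.3.8"):
        print(f"PHP {v} in affected range: {is_vulnerable_version(v)}")
```

The threshold and window are tuning knobs: on the constructed log, 10.0.0.5 produces five aborts within three seconds against the same script, while 192.168.1.9's single abort on a report page is the ordinary shape of a script that simply ran out of memory. Patching to a release outside the stated range removes the condition; the log check is what tells an operator whether anyone was probing an unpatched host in the meantime.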