PlaySMS 1.4 RCE [CVE: 2017-9080] (POC)


PlaySMS 1.4 Remote Code Execution (POC)

Code Execution using $filename

We now know that sendfromfile.php accepts any file extension and only reads the file's content; the file is not stored on the server. But there is a bug: when a user uploads, for example, mybackdoor.php, the server happily accepts it but does not store it in any folder, so our shell is useless. But if the user changes the file name from "mybackdoor.php" to "you_php_payload.csv", then the server checks the file and sets a parameter, $filename="you_php_payload.csv". You can see this in the code below, and $filename is displayed on the page.
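The defensive counterpart of the behaviour described above, as an added example that is not part of the original post and not PlaySMS code: the client-supplied upload name is checked against an allowlist and HTML-encoded before it is displayed. The function names, the allowlist pattern and the sample names are assumptions made for illustration.

```php
<?php
// Added example, not PlaySMS code. Function names and the allowlist are assumptions.

/**
 * Return a display-safe name for an uploaded CSV, or null to reject the upload.
 * $clientName is the browser-supplied $_FILES[...]['name'], fully client-controlled.
 */
function safe_csv_display_name(string $clientName): ?string
{
    // Drop any directory part the client sent (both separator styles).
    $name = basename(str_replace('\\', '/', $clientName));

    // Allowlist: letters, digits, space, dot, dash, underscore; must end in .csv.
    // Anything else (<, ?, $, quotes, braces, control bytes) rejects the upload.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9 ._-]{0,99}\.csv\z/', $name)) {
        return null;
    }
    return $name;
}

/** Encode for HTML output so the value is only ever data, never markup or code. */
function render_filename(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs (not taken from the page).
$samples = [
    'contacts_may.csv',      // accepted
    'mybackdoor.php',        // rejected: wrong extension
    '../../etc/passwd.csv',  // accepted as passwd.csv, directory part dropped
    '<?php echo 1; ?>.csv',  // rejected: characters outside the allowlist
];

foreach ($samples as $raw) {
    $ok = safe_csv_display_name($raw);
    printf(
        "%-24s => %s\n",
        $raw,
        $ok === null ? 'REJECTED' : 'accepted as ' . render_filename($ok)
    );
}
```

The validated name should only be echoed through the encoder and never passed to a template compiler, eval() or include.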

Reviewed by Anonymous on May 07, 2018