playsms1.4 -RCE import.php [CVE-2017-9101](PoC)

KIB9sKQdEwE/default.jpg

Playsms 1.4 -Remote code Execution(PoC)

Description:
Code Execution using import.php

Now We know import.php accept any file extension and just read content
not stored in server. But whene we stored payload in our backdoor.csv
and upload to phonebook. Its execute our payload and show on next page in field (in NAME,MOBILE,Email,Group COde,Tags).

In My case i stored payload in my csv files Name field .

But There is one problem in execution. Its only execute in built function and varible which is used in application.


*----------------------------*------------------------------------*

Website :http://touhidshaikh.com
Blog : http://touhidshaikh.com/blog/
Github : https://github.com/touhidshaikh
Youtube : https://www.youtube.com/channel/UC7lx...
Google+ : https://plus.google.com/1116894234705...
Facebook : www.facebook.com/tauheeds1

*----------------------------*------------------------------------*

KIB9sKQdEwE/default.jpg
playsms1.4 -RCE import.php [CVE-2017-9101](PoC) playsms1.4 -RCE import.php [CVE-2017-9101](PoC) Reviewed by Dump3R H3id3gg3R on May 07, 2018 Rating: 5