playsms1.4 -RCE import.php [CVE-2017-9101](PoC)


Playsms 1.4 -Remote code Execution(PoC)

Code Execution using import.php

Now We know import.php accept any file extension and just read content
not stored in server. But whene we stored payload in our backdoor.csv
and upload to phonebook. Its execute our payload and show on next page in field (in NAME,MOBILE,Email,Group COde,Tags).

In My case i stored payload in my csv files Name field .

But There is one problem in execution. Its only execute in built function and varible which is used in application.


Website :
Blog :
Github :
Youtube :
Google+ :
Facebook :


playsms1.4 -RCE import.php [CVE-2017-9101](PoC) playsms1.4 -RCE import.php [CVE-2017-9101](PoC) Reviewed by Unknown on May 07, 2018 Rating: 5