CVE-2005-1921

This Metasploit module exploits CVE-2005-1921, an arbitrary code execution vulnerability in PHP XML-RPC implementations. It crafts a malicious XML-RPC request to execute arbitrary commands via the `passthru` function, targeting applications like Drupal, WordPress, and others.

This exploit leverages a command injection vulnerability in XML-RPC implementations (phpxmlrpc and PEAR XML_RPC) by crafting a malicious XML payload. The payload injects a system command into the XML structure, allowing remote command execution on the target server.

This exploit targets CVE-2005-1921, a command injection vulnerability in XMLRPC implementations. It sends a maliciously crafted XML payload to execute arbitrary commands on the target system via a POST request.

This exploit demonstrates a remote code execution vulnerability in PHPXMLRPC <= 1.1 due to unsanitized data being passed into an eval() call. The PoC XML payload escapes the eval() context using single quotes to execute arbitrary PHP code.

This Perl script exploits CVE-2005-1921, a command injection vulnerability in XML-RPC implementations (e.g., PHP XML-RPC libraries). It crafts a malicious XML-RPC request to execute arbitrary commands via the `system()` function by injecting into the `methodName` parameter.

This Metasploit module exploits a PHP XML-RPC arbitrary code execution vulnerability (CVE-2005-1921) by injecting malicious commands into XML-RPC requests. It targets multiple PHP-based applications like Drupal, WordPress, and others.