CVE-2017-9101

This Metasploit module exploits an authenticated file upload vulnerability in PlaySMS 1.4 via the Phonebook import feature. It uploads a malicious CSV file containing PHP code in the User-Agent header, leading to remote code execution.

This exploit leverages a file upload vulnerability in PlaySMS 1.4's phonebook import feature to achieve remote code execution. The attacker uploads a malicious CSV file containing PHP code in the 'Name' field, which is executed when the file is processed due to improper handling of user-supplied input.

This is a functional exploit for CVE-2017-9101, targeting PlaySMS 1.4. It leverages an authenticated RCE vulnerability via CSV upload in the phonebook feature, embedding PHP code in the User-Agent header to execute arbitrary commands.

This Metasploit module exploits an authenticated file upload vulnerability in PlaySMS 1.4 via the Phonebook import feature. It uploads a malicious CSV file containing PHP code in the User-Agent header, leading to remote code execution.