The exploit describes a command injection vulnerability in Budabot's HELPBOT_MODULE, where lax syntax validation allows remote attackers to terminate the PHP daemon via a crafted command like '!calc 5 x 5'. The vulnerability affects versions 0.6 through 4.0, with different files being vulnerable depending on the version.
Classification
Writeup 90%
Target:
Budabot 0.6 - 4.0
No auth needed
Prerequisites:
Budabot listener running and configured · Ability to send private messages to the chatbot