This exploit demonstrates a Remote Code Execution (RCE) vulnerability in PHP utility belt due to unsafe use of eval() on user-controlled input. The PoC shows how arbitrary PHP code can be executed via a POST request to ajax.php, leading to file creation and potential full system compromise.
Classification:
Working PoC 100%
Target:
PHP utility belt (version not specified)
No auth needed
Prerequisites:
Network access to the target server
PHP utility belt installed in a browser-accessible directory