XDEBUG-Exploit

what address to give in lhost

Open rudram4 opened this issue 2 years ago • 4 comments

my vps address,

Also, nuclei is showing this is vulnerable, but I am not receiving anything back. What might be the issue?

rudram4 avatar May 13 '23 19:05 rudram4

I've tested the exploit with a HackTheBox machine on the same network, so I don't know if it will work using your VPS IP. However, take a look at the exploit source code: it approaches a PHP vulnerability to execute commands via the eval function. It may not work because the exploit also uses port 9000.

D3Ext avatar May 14 '23 17:05 D3Ext

So do you have any idea how I can exploit it further in any way? Like, if I am just going to report without any confirmed RCE, I would get nothing. I am naive to this.

On Sun, May 14, 2023, 10:51 PM D3Ext @.***> wrote:

I've tested the exploit with a HackTheBox machine on the same network, so I don't know if it will work using your VPS IP. However, take a look at the exploit source code: it approaches a PHP vulnerability to execute commands via the eval function. It may not work because the exploit also uses port 9000.


rudram4 avatar May 14 '23 18:05 rudram4

@D3Ext do you have any idea how I can exploit it further in any way?

blackcodersec avatar Jul 30 '23 08:07 blackcodersec

I haven't tested it, but if you pass your VPS address to the lhost parameter it should work. Anyway, take a look at the source code.

D3Ext avatar Jul 30 '23 08:07 D3Ext