Lately I’ve been playing around with fully self-contained, zero-to-hero, proof of concept exploits in Python. To demonstrate this concept I’ve created a simple vulnerable PHP website which asks the user for a URL (its code is included at the end). It “scans” this endpoint and stores the fetched file in a temporary folder, which also happens to be exposed through the web server. Storing untrusted downloads in a web-accessible folder is bad practice: it results in the classic combination of an insecure file upload leading to remote code execution.
In this article we’ll explore how to set up a standalone proof of concept exploit for this fictitious website.
Note that this article is written for educational purposes and is intended only for legal penetration testing and red teaming activities, where explicit permission has been granted. If you wish to test any of the scripts provided, please refer to the disclaimer at the end of this article.
Normally, when creating a proof of concept exploit, a regular workflow would look something like this:
- Create a webserver and host your payload. This can easily be done by using Apache or a quick and dirty Python server (`python3 -m http.server 80`). Depending on the setup used, you could also tail the access log to keep track of…