https://github.com/fahmifj/php-8.1.0-dev-zerodium-rce

A script that leverages 'zerodium' backdoor in PHP 8.1.0-dev via User-Agent.
https://github.com/fahmifj/php-8.1.0-dev-zerodium-rce

ctf exploit php php-810-dev

Last synced: 3 months ago
JSON representation

A script that leverages 'zerodium' backdoor in PHP 8.1.0-dev via User-Agent.

• Host: GitHub
• URL: https://github.com/fahmifj/php-8.1.0-dev-zerodium-rce
• Owner: fahmifj
• Created: 2021-05-26T00:20:54.000Z (about 5 years ago)
• Default Branch: main
• Last Pushed: 2021-06-07T09:32:29.000Z (about 5 years ago)
• Last Synced: 2024-07-29T18:04:51.636Z (almost 2 years ago)
• Topics: ctf, exploit, php, php-810-dev
• Language: Python
• Homepage:
• Size: 65.4 KB
• Stars: 1
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Unauthenticated RCE via User-Agent in PHP 8.1.0-dev  

Exploit background: https://news-web.php.net/php.internals/113838

## Usage

Linux

```

chmod +x php-8.1.0-dev-zerodiumRCE.py

./php-8.1.0-dev-zerodiumRCE.py [url]

```

Windows

```

python php-8.1.0-dev-zerodiumRCE.py [url]

```

If the target is vulnerable, the exploit will give you a prompt.

![image-20210604032844874](_resources/image-20210604032844874.png)

## References

- https://twitter.com/scurippio/status/1377029387334393861

- https://fengchenzxc.github.io/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/%E5%BC%80%E5%8F%91%E8%AF%AD%E8%A8%80%E6%BC%8F%E6%B4%9E/PHP/PHP%20zerodium%E5%90%8E%E9%97%A8%E6%BC%8F%E6%B4%9E/

- https://youtube.com/watch?v=iwR746pfTEc&t=2460 (cmdloop)