php-webshell: PHP Webshell - Detect

日期: 2025-08-01 | 影响软件: php-webshell | POC: 已公开

漏洞描述

PoC代码[已公开]

id: php-webshell

info:
  name: PHP Webshell - Detect
  author: lu4nx
  severity: high
  reference:
    - https://github.com/tennc/webshell/tree/master/php
    - https://www.rapid7.com/blog/post/2016/12/14/webshells-101/
  metadata:
    verified: true
  tags: php,file,webshell
file:
  - extensions:
      - php

    extractors:
      - type: regex
        regex:
          - '(?i)\b(passthru|eval|exec|system|phpinfo|assert|call_user_func|call_user_func_array)\('
          - '(?i)cmd.exe'
          - '(?i)/bin/sh'
          - '(?i)/bin/bash'
          - '(?i)WScript.Shell'
          - '(?i)gzuncompress\(base64_decode\('
          - '\]\(\$_(GET|POST|COOKIE|REQUEST)\['
          - '(?i)new\s*(ReflectionFunction|ReflectionClass)'
          - '(?i)0x647261646e617473'
          - '65786563' # exec
          - '(?i)\$\w+\(\$_(GET|POST|COOKIE|REQUEST)'
          - '(?i)b4tm4n'
          - '(?i)cmdshell'
# digest: 4a0a00473045022053b30b36410a8bd945bb6cddbe41c581606ff0546892e9967244c157d5b3c539022100a6b83436b1aaf3eec049d06888e0077597bff1ac9115d05781b53a040824241c:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/file/webshell/php-webshell.yaml

相关漏洞推荐