Access Control: Xdebug remote code execution via xdebug.remote_connect_back
Identifier:
php_xdebug_rce
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
The Xdebug extension <= v2.6.0 for PHP with 'xdebug.remote_connect_back' enabled and exposed to the internet could allow an unauthenticated remote attacker to trigger a debugging session, effectively gaining remote code execution capabilities. With this directive on, Xdebug ignores the configured 'xdebug.remote_host' and instead opens its DBGp connection back to the address of whichever client sent the request, so any client that can reach the server can act as its debugger; the DBGp session can evaluate arbitrary PHP. The safe configuration is to not load Xdebug in production at all, or to leave 'xdebug.remote_connect_back' off and restrict 'xdebug.remote_host' to a trusted debugging host.
How we test: We test for Xdebug remote debugging vulnerabilities by attempting to trigger debugging sessions via web requests and analyzing the responses to detect whether remote debugging is enabled and reachable, which could lead to remote code execution.
Reference:
- https://github.com/vulhub/vulhub/tree/master/php/xdebug-rce
- https://redshark1802.com/blog/2015/11/13/xpwn-exploiting-xdebug-enabled-servers/
- https://paper.seebug.org/397/
- https://github.com/D3Ext/XDEBUG-Exploit
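As an added example (not part of this page or the scanner's code), the following Python check audits the Xdebug section of `php -i` or `php --ri xdebug` output from the server side and flags the dangerous combination described above, plus a version in the stated affected range. The sample output is constructed for the demonstration.

```python
import re

# A directive line in `php -i` output reads: name => local value => master value
DIRECTIVE_RE = re.compile(r"^(xdebug\.[\w.]+)\s*=>\s*(.+?)\s*=>\s*(.+?)\s*$")
VERSION_RE = re.compile(r"^Version\s*=>\s*(\d+(?:\.\d+)*)\s*$")
ON_VALUES = {"on", "1", "true", "yes"}

# Constructed sample of `php --ri xdebug` output for a misconfigured host
SAMPLE = """\
xdebug

xdebug support => enabled
Version => 2.6.0
IDE Key => no value

Directive => Local Value => Master Value
xdebug.remote_connect_back => On => On
xdebug.remote_enable => On => On
xdebug.remote_host => localhost => localhost
xdebug.remote_port => 9000 => 9000
"""


def parse_xdebug_info(text):
    """Return (version or None, {directive: local value}) from php -i style text."""
    version, settings = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)  # local value wins at runtime
            continue
        v = VERSION_RE.match(line)
        if v and version is None:
            version = v.group(1)
    return version, settings


def version_le(version, bound="2.6.0"):
    """Numeric dotted-version comparison, e.g. '2.6.0' <= '2.6.0' is True."""
    as_tuple = lambda s: tuple(int(p) for p in s.split("."))
    return as_tuple(version) <= as_tuple(bound)


def audit_xdebug(text):
    """Return a list of findings; an empty list means nothing to report."""
    version, s = parse_xdebug_info(text)
    findings = []
    enabled = s.get("xdebug.remote_enable", "Off").lower() in ON_VALUES
    connect_back = s.get("xdebug.remote_connect_back", "Off").lower() in ON_VALUES
    if enabled and connect_back:
        findings.append("remote_enable and remote_connect_back are both On: "
                        "any client reaching this server can become its debugger")
    if version and version_le(version):
        findings.append(f"Xdebug {version} is in the affected range (<= 2.6.0)")
    return findings
```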
Configuration
Example
Example configuration:
Reference
skip
Type : boolean
Skip the test if true.