Access Control: PHP 8.1.0-dev - Backdoor Remote Code Execution
Identifier:
php_zerodium_backdoor_rce
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
PHP 8.1.0-dev contains a backdoor, dubbed 'zerodiumvar_dump', that can allow the execution of arbitrary PHP code, potentially giving attackers full control over the server.
How we test: We attempt to execute commands through the zerodiumvar_dump backdoor and analyze the responses to determine whether arbitrary PHP code execution is possible.
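A passive pre-check that can precede the active test described above, given here as an added example that is not part of the scanner or the original page: it reads the `X-Powered-By` banner from captured response heads and flags hosts that report the 8.1.0-dev version. The function names and sample responses are constructed for illustration, and the check assumes PHP's `expose_php` banner is enabled.

```python
import re

AFFECTED_VERSION = "8.1.0-dev"  # version named on this page
# PHP advertises itself as "PHP/<version>" when expose_php is on.
_BANNER = re.compile(r"PHP/([\w.\-]+)", re.IGNORECASE)


def parse_headers(raw_head):
    """Parse a raw HTTP response head into {lowercased name: [values]}."""
    headers = {}
    lines = raw_head.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:              # lines[0] is the status line
        if not line.strip():
            break                       # blank line ends the head; ignore the body
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def triage(raw_head):
    """Return 'candidate', 'other-version' or 'unknown' for one response."""
    versions = []
    for value in parse_headers(raw_head).get("x-powered-by", []):
        versions += _BANNER.findall(value)
    if not versions:
        return "unknown"                # banner hidden or not PHP: proves nothing
    if any(v.lower() == AFFECTED_VERSION for v in versions):
        return "candidate"              # reports the affected version
    return "other-version"


# Constructed sample responses (not captured from any real host).
SAMPLES = {
    "dev-build": "HTTP/1.1 200 OK\r\nServer: nginx\r\nx-powered-by: PHP/8.1.0-dev\r\n\r\n",
    "release": "HTTP/1.1 200 OK\r\nX-Powered-By: PHP/8.1.2\r\n\r\n",
    "hidden": "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n",
}


def triage_all(samples=SAMPLES):
    return {name: triage(head) for name, head in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage_all().items():
        print(f"{name}: {verdict}")
```

A `candidate` verdict only means the host reports the affected version and should be checked further; `unknown` means the banner is absent, which does not rule the build out.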
Reference:
- https://news-web.php.net/php.internals/113838
- https://flast101.github.io/php-8.1.0-dev-backdoor-rce/
- https://github.com/flast101/php-8.1.0-dev-backdoor-rce/blob/main/revshell_php_8.1.0-dev.py
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.