Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PRP: Request PHP 8.1.0-dev User-Agentt Backdoor #41

Closed
wdjcy opened this issue Sep 29, 2021 · 0 comments
Closed

PRP: Request PHP 8.1.0-dev User-Agentt Backdoor #41

wdjcy opened this issue Sep 29, 2021 · 0 comments
Labels
PRP:Request

Comments

@wdjcy
Copy link

wdjcy commented Sep 29, 2021

Hello,

I would like to start the implementation for a plugin that detects PHP 8.1.0-dev User-Agentt Backdoor

Vulnerability details:

Type: PHP 8.1.0-dev User-Agentt Backdoor
Score: 9.80 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

The vulnerability should be remotely exploitable without authentication and user interaction. Yes

The detector should provide a reliable false-positive free detection report. Yes

The detection capability should be easy to verify using both vulnerable and fixed Docker images. Yes, this can be done easily.

The vulnerability should have a relatively large impact radius. Yes, PHP server is widely used more than 6993K+ Instance are exposed in shodan

Please let me know if this is in scope as I've already made the development .
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
PRP:Request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tooryx @wdjcy @magl0