1 supporter
Exploiting a backdoor in PHP 8.1.0-dev ( ...

Exploiting a backdoor in PHP 8.1.0-dev (HackTheBox - Knife)

Sep 05, 2021

PHP version 8.1.0-dev was released with a backdoor on March 28th 2021, but the backdoor was quickly discovered and removed because if this version of PHP runs on a server, an attacker can execute any arbitrary code he wants. Knife, on the other hand, is an Easy difficulty Linux machine from HackTheBox which is vulnerable to this particular security breach. The machine runs a traditional Apache web server which uses PHP 8.1.0-dev for the back-end, while the front-end only exposes a static site. How can we hack inside this server? Let's figure it out in this video!

Read the full writeup!


Enjoy this post?

Buy 0xbro a coffee

More from 0xbro