# phpstudy-backdoor-rce

**Repository Path**: legoc/phpstudy-backdoor-rce

## Basic Information

- **Project Name**: phpstudy-backdoor-rce
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: MIT
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2021-08-20
- **Last Updated**: 2021-08-20

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# phpstudy backdoor exploitation tool

## 0x00 Overview

20190920: phpstudy was reported to contain a backdoor. The software's official website was compromised in 2016 and a backdoor was planted in the software installation package (php_xmlrpc.dll). The HTTP request headers `Accept-Encoding: gzip,deflate` and `Accept-Charset` can be used to cause remote code execution.

This tool supports single-URL detection, cmdshell, get web shell (writing a one-line webshell), and batch detection.

## 0x01 Requirements

python2.7

```
pip install requests
```

## 0x02 Quick start

Usage help:

```
python phpstudy-backdoor-rce.py -h
```

![](https://github.com/theLSA/phpstudy-backdoor-rce/raw/master/demo/phpstudybd00.png)

Single-URL vulnerability check:

```
python phpstudy-backdoor-rce.py -u "http://www.xxx.com/"
```

![](https://github.com/theLSA/phpstudy-backdoor-rce/raw/master/demo/phpstudybd01.png)

cmdshell:

```
python phpstudy-backdoor-rce.py -u "http://www.xxx.com/" --cmdshell
```

![](https://github.com/theLSA/phpstudy-backdoor-rce/raw/master/demo/phpstudybd02.png)

getshell:

```
python phpstudy-backdoor-rce.py -u "http://www.xxx.com/" --getshell --web-path WWW
```

![](https://github.com/theLSA/phpstudy-backdoor-rce/raw/master/demo/phpstudybd03.png)

Batch detection:

```
python phpstudy-backdoor-rce.py -f urls.txt
```

![](https://github.com/theLSA/phpstudy-backdoor-rce/raw/master/demo/phpstudybd04.png)

## 0x03 Feedback

[issues](https://github.com/theLSA/phpstudy-backdoor-rce/issues)

gmail: [lsasguge196@gmail.com](mailto:lsasguge196@gmail.com)

qq: [2894400469@qq.com](mailto:2894400469@qq.com)
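
On the defensive side, the header pair named in the overview (0x00) can be looked for in captured HTTP requests. The following is an added example, not part of this project's code: the function names, the charset allow-list and the sample requests are constructed for illustration, and matching the literal `gzip,deflate` form exactly as the overview writes it is an assumption of this sketch.

```python
TRIGGER_ENCODING = "gzip,deflate"  # literal value as written in the overview
# Assumption: short allow-list of charset names; extend it for your traffic.
KNOWN_CHARSETS = {"*", "utf-8", "us-ascii", "iso-8859-1", "windows-1252",
                  "gbk", "gb2312", "gb18030", "big5", "shift_jis", "euc-kr"}


def parse_headers(raw_request):
    """Return {lowercased header name: [values]} for a raw HTTP/1.x request."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:  # names are case-insensitive; repeated headers are kept
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def is_charset_list(value):
    """True if every comma-separated item is a known charset (q-value ignored)."""
    names = (item.partition(";")[0].strip().lower() for item in value.split(","))
    return all(name in KNOWN_CHARSETS for name in names)


def classify(raw_request):
    """Return 'ok', 'review' or 'alert' for one captured request."""
    headers = parse_headers(raw_request)
    charsets = headers.get("accept-charset", [])
    if TRIGGER_ENCODING not in headers.get("accept-encoding", []) or not charsets:
        return "ok"
    # Both headers named in the overview are present. A value that is not a
    # charset list has no legitimate meaning in Accept-Charset.
    return "review" if all(is_charset_list(v) for v in charsets) else "alert"


# Constructed sample requests (not real traffic).
SAMPLES = {
    "browser": "GET / HTTP/1.1\r\nHost: example.test\r\n"
               "Accept-Encoding: gzip, deflate\r\n\r\n",
    "old_client": "GET / HTTP/1.1\r\nHost: example.test\r\n"
                  "accept-encoding: gzip,deflate\r\n"
                  "Accept-Charset: utf-8, iso-8859-1;q=0.5\r\n\r\n",
    "suspicious": "GET /index.php HTTP/1.1\r\nHost: example.test\r\n"
                  "Accept-Encoding: gzip,deflate\r\n"
                  "Accept-Charset: PLACEHOLDER_NOT_A_CHARSET\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
```

A `review` result means the header pair is present with a plausible charset list; `alert` means the `Accept-Charset` value is not a charset list at all and the host serving that request should be checked for the tampered php_xmlrpc.dll.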