jakubboucek · October 21, 2020 01:31
diff --git a/troll.php b/troll.php
 <?php

    /**
     * Troll your script-kiddie exploiters of CVE-2020-15227 vulnerability
     * Make response which gives false hope
     */
    private static function trollExploiters(): void
    {
        if (strpos($_SERVER['REQUEST_URI'] ?? '', '/nette.micro') === 0) {
            header('Content-Type: text/plain');
            header('X-Powered-By: Nette 0.9-beta');
            header('X-Hi-kiddie: Trolling kiddies');
            $shell = $_GET['callback'] ?? null;
            $cmd = explode(" ", $_GET['cmd'] ?? 'Nette%20Micro')[0];
            $p = "/var/www/html/vendor/nette/nette/Application/MicroPresenter.php:136";
                if (($shell === 'shell_exec' || !$shell)) {
                echo "bash: $cmd: command not found";
            } else {
                echo "PHP Fatal Error: Call to undefined function $shell() in $p";
            }
            die(0);
        }
    }
	<?php

	/**
	* Troll your script-kiddie exploiters of CVE-2020-15227 vulnerability
	* Make response which gives false hope
	*/
	private static function trollExploiters(): void
	{
	if (strpos($_SERVER['REQUEST_URI'] ?? '', '/nette.micro') === 0) {
	header('Content-Type: text/plain');
	header('X-Powered-By: Nette 0.9-beta');
	header('X-Hi-kiddie: Trolling kiddies');
	$shell = $_GET['callback'] ?? null;
	$cmd = explode(" ", $_GET['cmd'] ?? 'Nette%20Micro')[0];
	$p = "/var/www/html/vendor/nette/nette/Application/MicroPresenter.php:136";
	if (($shell === 'shell_exec' \|\| !$shell)) {
	echo "bash: $cmd: command not found";
	} else {
	echo "PHP Fatal Error: Call to undefined function $shell() in $p";
	}
	die(0);
	}
	}