Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ZF1 RCE Gadget #8

Merged
merged 1 commit into from Sep 8, 2017

Conversation

@mpchadwick
Copy link
Contributor

commented Sep 8, 2017

Adds the gadget documented starting on page 41 here

https://www.owasp.org/images/9/9e/Utilizing-Code-Reuse-Or-Return-Oriented-Programming-In-PHP-Application-Exploits.pdf

I'm not sure exactly how far back this works in ZF1 versions, but works in the newest version. It also works in versions of Magento 1 that I've tested (which includes and autoloads the necessary ZF1 classes).

@mpchadwick mpchadwick changed the title Add ZF1 RCE vulnerability Add ZF1 RCE Gadget Sep 8, 2017

@cfreal cfreal merged commit 4214659 into ambionics:master Sep 8, 2017

@cfreal

This comment has been minimized.

Copy link
Collaborator

commented Sep 8, 2017

Thank you ! This payload was what got me to create the tool, btw. Esser built it five years ago, and it still works perfectly today.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.