-
Notifications
You must be signed in to change notification settings - Fork 387
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wrong information #1
Comments
This looks like it could be caused by the php binary/library being compiled without RELRO. I have pushed a commit that addresses this issue, please pull the code and try again. |
Can you tell me what kind of test you are in? |
|
Even though it's possible to exploit this vulnerability on Windows, this PoC is for Linux x64 only, I should have clarified that. The exploit was tested on various php7.1-7.3 builds for Ubuntu and CentOS with fpm/cli/apache2 server APIs. As stated in README, it's not guaranteed to work everywhere. I can, however, try to debug the problem if you can provide the binary that's causing issues. Alternatively, you can try incrementing the |
php 7.2.21
any ideas ? |
Looks like the ELF parsing stage gives wrong results. Can you provide the php binary that's having issues with this PoC? |
Fixed in b160b06. |
Hello
My version of PHP is PHP Version 7.1.27
disable_functions:passthru,exec,system,chroot,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,fsocket,popen
I uploaded exploit. PHP to the website,Execution is wrong, and the information is as follows.
Can you solve it, please?
The text was updated successfully, but these errors were encountered: