Skip to content
Branch: master
Find file History
Type Name Latest commit message Commit time
Failed to load latest commit information. Initial commit Sep 28, 2019
exploit.php Do not rely on PT_GNU_RELRO segment Oct 2, 2019

PHP 7.1-7.3 disable_functions bypass

not an issue

This exploit utilises a use after free vulnerability in json serializer in order to bypass disable_functions and execute a system command. It should be fairly reliable and work on all server apis, although that is not guaranteed.


  • 7.1 - all versions to date
  • 7.2 < 7.2.19 (released: 30 May 2019)
  • 7.3 < 7.3.6 (released: 30 May 2019)

Credits to @cfreal for the original bug discovery.

You can’t perform that action at this time.