Skip to content
Branch: master
Find file History
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
README.md Initial commit Sep 28, 2019
exploit.php Do not rely on PT_GNU_RELRO segment Oct 2, 2019

README.md

PHP 7.1-7.3 disable_functions bypass

not an issue

This exploit utilises a use after free vulnerability in json serializer in order to bypass disable_functions and execute a system command. It should be fairly reliable and work on all server apis, although that is not guaranteed.

Targets

  • 7.1 - all versions to date
  • 7.2 < 7.2.19 (released: 30 May 2019)
  • 7.3 < 7.3.6 (released: 30 May 2019)

Credits to @cfreal for the original bug discovery.

You can’t perform that action at this time.