Skip to content

/ exploits

Branch: master
Find file History
exploits/php7-backtrace-bypass/
@mm0r1
mm0r1 Get the backtrace via Exception class, when possible
Latest commit 396e393 Jan 30, 2020
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
README.md debug_backtrace() PoC release Jan 30, 2020
exploit.php Get the backtrace via Exception class, when possible Jan 30, 2020

README.md

PHP 7.0-7.4 disable_functions bypass

This exploit uses a two year old bug in debug_backtrace() function. We can trick it into returning a reference to a variable that has been destroyed, causing a use-after-free vulnerability. The PoC was tested on various php builds for Debian/Ubuntu/CentOS/FreeBSD with cli/fpm/apache2 server APIs and found to work reliably.

Targets

  • 7.0 - all versions to date
  • 7.1 - all versions to date
  • 7.2 - all versions to date
  • 7.3 - all versions to date
  • 7.4 - all versions to date
You can’t perform that action at this time.