disable_functions Bypass Exploit in PHP 7.1 to PHP 7.3

4 years ago

source link: https://www.tuicool.com/articles/uAvmEvn
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

PHP 7.1-7.3 disable_functions bypass

rAfaEn7.png!web

This exploit utilises a use after free vulnerability in json serializer in order to bypass disable_functions and execute a system command. It should be fairly reliable and work on all server apis, although that is not guaranteed.

Targets

7.1 - all versions to date
7.2 < 7.2.19 (released: 30 May 2019)
7.3 < 7.3.6 (released: 30 May 2019)

Credits to @cfreal for the original bug discovery.

Recommend

MMD-0064-2019 - Linux/AirDropBot
Entombed: An archaeological examination of an Atari 2600 game (2018)
科普 | 解读以太坊黄皮书（3/7）
OnePlus 7T Vs. Asus Zenfone 6 Vs. ZTE Axon 10 Pro | Spec Comparison | Digital Tr...
Sony is developing its next flagship with Snapdragon 865 - GSMArena.com news
GitHub - trojan-gfw/igniter: A trojan client for Android (UNDER CONSTRUCTION).
GitHub - DV8FromTheWorld/JDA: Java wrapper for the popular chat & VOIP servi...
GitHub - openaudible/openaudible: Open Source Audible Manager
GitHub - Snailclimb/spring-security-jwt-guide: 从零入门！Spring Security With J...
我顺藤摸瓜端了色情网站的老窝，并劝他从良

About Joyk

Aggregate valuable and interesting links.
Joyk means Joy of geeK