65
disable_functions Bypass Exploit in PHP 7.1 to PHP 7.3
source link: https://www.tuicool.com/articles/uAvmEvn
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
PHP 7.1-7.3 disable_functions bypass
This exploit utilises a use after free vulnerability in json serializer in order to bypass disable_functions
and execute a system command. It should be fairly reliable and work on all server apis, although that is not guaranteed.
Targets
- 7.1 - all versions to date
- 7.2 < 7.2.19 (released: 30 May 2019)
- 7.3 < 7.3.6 (released: 30 May 2019)
Credits to @cfreal for the original bug discovery.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK