exploits/php7-backtrace-bypass at master · mm0r1/exploits · GitHub

4 years ago

source link: https://github.com/mm0r1/exploits/tree/master/php7-backtrace-bypass
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

PHP 7.0-7.4 disable_functions bypass

This exploit uses a two year old bug in debug_backtrace() function. We can trick it into returning a reference to a variable that has been destroyed, causing a use-after-free vulnerability. The PoC was tested on various php builds for Debian/Ubuntu/CentOS/FreeBSD with cli/fpm/apache2 server APIs and found to work reliably.

Targets

7.0 - all versions to date
7.1 - all versions to date
7.2 - all versions to date
7.3 < 7.3.15 (released 20 Feb 2020)
7.4 < 7.4.3 (released 20 Feb 2020)

Recommend

exploits/php7-backtrace-bypass at master · mm0r1/exploits · GitHub

PHP 7.0-7.4 disable_functions bypass

Targets

Recommend

Any, Unit, Nothing and all their friends - ITNEXT

饭圈女孩驰援武汉：我们“每一天都在解决困难”

就没有替代迅雷的软件吗？速度减半都可以。

Self-managed email alias/forwarding service

What Exactly is Docker?

五问湖北红会：为何医院口罩紧缺而大量物资放仓库

两年上市神话被盯上瑞幸咖啡遭做空股价大跌超10%

美国新冠肺炎患者有效的这款药 2天后中国临床试验

Write out Unicode in Octal – Lubutu

手摸手，打造属于自己的 React 组件库03 — 打包篇

About Joyk