
Unserialize bugs advisory

Primary language: PHP

Advisory of Exploits AI POP Builder

Collection of advisories:

Symfony <= 3.4.47 0day GMP Type Confusion RCE

symfony/process

Idea: PHP <= 5.6.40 with GMP + packages symfony/process and symfony/routing + fast "__destruct"

POC source: ./symfony_process_gmp/poc.php

Advisory

symfony/dependency-injection

Idea: PHP <= 5.6.40 with GMP + packages symfony/dependency-injection and symfony/routing + variable overwritten with a boolean

POC source: ./symfony_rewrite_with_boolean/tester.php

Advisory

swiftmailer/swiftmailer <= 5.4.12 0day GMP Type Confusion RCE

Idea: PHP <= 5.6.40 with GMP + packages swiftmailer/swiftmailer and pear/net_geoip + variable passed by reference

POC source: ./swiftmailer_gmp_rce/poc.php

Advisory

Drupal <= 8.7.14 GMP Type Confusion RCE

Idea: PHP <= 5.6.40 with GMP + Drupal CMS

POC source: ./drupal_gmp_rce/poc.php

Advisory

phpmailer + swiftmailer 0day unserialize RCE (any PHP version)

Idea: packages phpmailer/phpmailer and swiftmailer/swiftmailer + is_resource bypass + fast "__destruct"

POC source: ./phpmailer_rce_poi/phpmailer_poc.php

Advisory

Yii 1.x unserialize RCE (any PHP version)

Idea: package yiisoft/yii + start POI from "__get" method

POC source: ./yii1_rce_poi/yii1_rce_poi.php

Advisory

symfony/finder unserialize RCE (PHP 7.x)

Idea: packages symfony/finder and symfony/http-kernel + getIterator() call

POC source: ./symfony_finder_rce/poc.php

Advisory

opis/closure + laravel/framework unserialize RCE

Idea: package opis/closure + custom Serializable method + include

POC source: ./opis_closure_rce/opis_closure_poi.php

Advisory

doctrine/doctrine-bundle unserialize RCE

Idea: combine LFI and file write POP-chains in doctrine/doctrine-bundle package to get RCE

POC source: ./doctrine_rce/doctrine_poi_gen.php

Advisory

Contacts

Project channel in Telegram: