mm0r1 / exploits Goto Github PK
View Code? Open in Web Editor NEWPwn stuff.
Pwn stuff.
how modify it at php5
In many case that trigger bypass, How phper deal with it?
Hello
My version of PHP is PHP Version 7.1.27
disable_functions:passthru,exec,system,chroot,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,fsocket,popen
I uploaded exploit. PHP to the website,Execution is wrong, and the information is as follows.
Couldn't parse ELF
Can you solve it, please?
What changes are needed at the addresses if the system is 32-bit? Thank you
Hey,
I noticed you mentioned that this is applicable to 5.x, just wondering if you could share the changes that are needed for that?
Thanks.
Do you have any suggestions if I want to learn how to exploit, thank you.
A talk was given at 2016 Ruxcon:
https://2016.ruxcon.org.au/slides/
PHP Internals: Exploit Dev Edition
This talk showed how to scan the running memory for PHP and hot-patch the memory space to enable functions by toggling the setting in RAM.
As this has been ~3 years in the making, might give you an idea to create another path...
Hi @mm0r1
Incredible work you have published!!!
This is among the best (if not the best) PHP code that I have seen in many years.
Currently all of your published scripts require PHP reference syntax; do you have any bypass code that works without references?
I have a unique situation where I allow end-users to publish PHP code on a server with minimal restrictions, so I’m very interested in the work you are publishing.
Works on an up to date Ubuntu 18.04.3 with PHP 7.2.19.
Can anything be done other than disabling gc_collect_cycles while waiting for the issue to be patched?
Is it possible in "php-concat-bypass" exploit POC to return back the ability to execute functions like proc_open, popen, passthru etc.?
Not just introduce new function "pwn", but load disabled functions?
Treat it as a feature request. I'll pay 500$ for this in btc.
Love, Peace =*
As the title
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.