exploits/php7-backtrace-bypass at master

exploits/php7-backtrace-bypass at master · mm0r1/exploits
2020-02-01 00:47:03 Author: github.com(查看原文) 阅读量:813 收藏

exploits/php7-backtrace-bypass/

mm0r1 Get the backtrace via Exception class, when possible

Latest commit 396e393 Jan 30, 2020

Name	Latest commit message	Commit time
..
Failed to load latest commit information.
README.md	debug_backtrace() PoC release	Jan 30, 2020
exploit.php	Get the backtrace via Exception class, when possible	Jan 31, 2020

README.md

This exploit uses a two year old bug in debug_backtrace() function. We can trick it into returning a reference to a variable that has been destroyed, causing a use-after-free vulnerability. The PoC was tested on various php builds for Debian/Ubuntu/CentOS/FreeBSD with cli/fpm/apache2 server APIs and found to work reliably.

Targets

7.0 - all versions to date
7.1 - all versions to date
7.2 - all versions to date
7.3 - all versions to date
7.4 - all versions to date

文章来源: https://github.com/mm0r1/exploits/tree/master/php7-backtrace-bypass
如有侵权请联系:admin#unsafe.sh