Giter Club home page Giter Club logo

Comments (8)

mm0r1 avatar mm0r1 commented on August 19, 2024

This looks like it could be caused by the php binary/library being compiled without RELRO. I have pushed a commit that addresses this issue, please pull the code and try again.

from exploits.

hahaSec avatar hahaSec commented on August 19, 2024

看来这可能是由于在没有RELRO的情况下编译php二进制/库引起的。我已经推送了一个致力于解决此问题的提交,请提取代码,然后重试。

I tested the error on the real target webllshell as follows
image
image
I tested it in the PHP environment of the local Windows and reported the following errors
image
image

from exploits.

hahaSec avatar hahaSec commented on August 19, 2024

This looks like it could be caused by the php binary/library being compiled without RELRO. I have pushed a commit that addresses this issue, please pull the code and try again.

Can you tell me what kind of test you are in?

from exploits.

hahaSec avatar hahaSec commented on August 19, 2024

This looks like it could be caused by the php binary/library being compiled without RELRO. I have pushed a commit that addresses this issue, please pull the code and try again.
The code used in this article was tested in Windows local PHP environment as follows
https://bugs.php.net/bug.php?id=77843
image

from exploits.

mm0r1 avatar mm0r1 commented on August 19, 2024

Even though it's possible to exploit this vulnerability on Windows, this PoC is for Linux x64 only, I should have clarified that.

The exploit was tested on various php7.1-7.3 builds for Ubuntu and CentOS with fpm/cli/apache2 server APIs. As stated in README, it's not guaranteed to work everywhere. I can, however, try to debug the problem if you can provide the binary that's causing issues.

Alternatively, you can try incrementing the $n_alloc variable.

from exploits.

h1pwn avatar h1pwn commented on August 19, 2024

php 7.2.21
Couldn't get basic_functions address

base:
4194304
elf
Array
(
    [0] => 11988256
    [1] => 5693068
    [2] => 242184
)

any ideas ?

from exploits.

mm0r1 avatar mm0r1 commented on August 19, 2024

Looks like the ELF parsing stage gives wrong results. Can you provide the php binary that's having issues with this PoC?

from exploits.

mm0r1 avatar mm0r1 commented on August 19, 2024

Fixed in b160b06.

from exploits.

Related Issues (12)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.