Advisory of Exploits AI POP Builder
Collection of advisories:
Symfony <= 3.4.47 0day GMP Type Confusion RCE
symfony/process
Idea: PHP <= 5.6.40 with GMP + packages symfony/process and symfony/routing + fast "__destruct"
POC source: ./symfony_process_gmp/poc.php
symfony/dependency-injection
Idea: PHP <= 5.6.40 with GMP + packages symfony/dependency-injection and symfony/routing + variable overwritten with a boolean
POC source: ./symfony_rewrite_with_boolean/tester.php
swiftmailer/swiftmailer <= 5.4.12 0day GMP Type Confusion RCE
Idea: PHP <= 5.6.40 with GMP + packages swiftmailer/swiftmailer and pear/net_geoip + variable passed by reference
POC source: ./swiftmailer_gmp_rce/poc.php
Drupal <= 8.7.14 GMP Type Confusion RCE
Idea: PHP <= 5.6.40 with GMP + Drupal CMS
POC source: ./drupal_gmp_rce/poc.php
phpmailer + swiftmailer 0day unserialize RCE (any PHP version)
Idea: packages phpmailer/phpmailer and swiftmailer/swiftmailer + is_resource bypass + fast "__destruct"
POC source: ./phpmailer_rce_poi/phpmailer_poc.php
Yii 1.x unserialize RCE (any PHP version)
Idea: package yiisoft/yii + POI chain started from the "__get" method
POC source: ./yii1_rce_poi/yii1_rce_poi.php
symfony/finder unserialize RCE (PHP 7.x)
Idea: packages symfony/finder and symfony/http-kernel + getIterator() call
POC source: ./symfony_finder_rce/poc.php
opis/closure + laravel/framework unserialize RCE
Idea: package opis/closure + custom Serializable implementation + include
POC source: ./opis_closure_rce/opis_closure_poi.php
Contacts
Project channel in Telegram: