This is a tool that can be used by developers to check if exploitation using LD_PRELOAD is still possible given the current disable_functions in the php.ini file and taking into consideration the PHP modules installed on the server.

git clone https://github.com/teambi0s/dfunc-bypasser

There are two options to input the disable_functions list:

1. For help on the parameters: python dfunc-bypasser.py -h
2. Provide the phpinfo url: python dfunc-bypasser.py --url https://example.com/phpinfo.php
3. Provide the local phpinfo file: python dfunc-bypasser.py --file dir/phpinfo

1. S Ashwin Shenoi
   • Github: ashwinshenoi99
   • Twitter: c3rb3ru5
2. Tarunkant Gupta
   • Github: tarunkant
   • Twitter: TarunkantG

from team bi0s