php-json-bypass

PHP 7.1-7.3 disable_functions bypass

Check out my php7-gc-bypass exploit which uses another bug that works on all php 7.0-7.3 versions released as of 28.11.2019.

---

---

This exploit utilises a use after free vulnerability in json serializer in order to bypass disable_functions and execute a system command. It should be fairly reliable and work on all server apis, although that is not guaranteed.

Targets

• 7.1 - all versions to date
• 7.2 < 7.2.19 (released: 30 May 2019)
• 7.3 < 7.3.6 (released: 30 May 2019)

Credits to @cfreal for the original bug discovery.