search

ambionics / phpggc

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
https://ambionics.io/blog
Apache License 2.0
3.25k stars 502 forks source link

Add Kohana FR1 #112

Closed ByQwert closed 2 years ago

ByQwert commented 2 years ago

Add Kohana File read gadget. https://github.com/kohana/core/blob/3.3/master/classes/Kohana/View.php#L232

Possible RCE, because of the include() function: https://github.com/kohana/core/blob/3.3/master/classes/Kohana/View.php#L62

Update README.md gadgets list.

cfreal commented 2 years ago

Thank you, Anton !

I should probably create an "include" type for gadget chains, as it is quite different from a file read.