search

ambionics / phpggc

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
https://ambionics.io/blog
Apache License 2.0
3.25k stars 502 forks source link

Fixed PHP Code Gadget Chains: Doctrine/RCE1 | Horde/RCE1 | Laravel/RCE5 | PHPSecLib/RCE1 | Symfony/RCE3 | ZendFramework/RCE1 | ZendFramework/RCE4 #159

Closed nowak0x01 closed 1 year ago

nowak0x01 commented 1 year ago

Hello, when attempting to utilize any of the following PHP Code Gadget Chains Doctrine/RCE1 Horde/RCE1 Laravel/RCE5 PHPSecLib/RCE1 Symfony/RCE3 ZendFramework/RCE1 ZendFramework/RCE4

The message "ERROR: Invalid arguments for type "RCE: PHP Code"" was received.

1

Generating these PHP Code gadget chains was only feasible without passing any arguments, necessitating direct editing within the PHP object.

2

The solution that proved effective was adding this code snippet to the chain.php files located at gadgetchains/{gadget}/RCE/{id}/chain.php when generating the gadgets: public static $parameters = ['code'];

3
cfreal commented 1 year ago

Hello nowak0x01,

While refactoring I forgot to add parameters to RCE\PHPCode. It is now patched. See here.

Thanks for noticing the bug ! Charles