ambionics / phpggc

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
https://ambionics.io/blog
Apache License 2.0

ZendFramework latest version gadget chain #188

Closed DanielSparta closed 5 months ago

DanielSparta commented 5 months ago

https://github.com/zendframework/zendframework/releases

Right now the newest gadget chain available for Zend Framework is for version 2.5.3, while the latest version of Zend Framework today is 2.4.13, which was published in 2017. Seems like there will be no more versions.

There is a need to add a gadget chain for version 2.4.13.

cfreal commented 5 months ago

Hello Daniel,

I don't understand: 2.4.13 is included in the range 2.0.0 <= 2.5.3, and the RCE5 GC works for this version (I just tested it). What am I missing?

Charles

DanielSparta commented 5 months ago

> Hello Daniel,
>
> I don't understand: 2.4.13 is included in the range 2.0.0 <= 2.5.3, and the RCE5 GC works for this version (I just tested it). What am I missing?
>
> Charles

I'm sorry, you're right. Thanks for helping. Closed.