ambionics / phpggc

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
https://ambionics.io/blog
Apache License 2.0

Cannot create file structure with `-N, --new` #192

Closed Zeecka closed 2 months ago

Zeecka commented 2 months ago

Issue

The `-N`/`--new` option doesn't seem to work.

According to the error, this is due to the `get_class()` function in https://github.com/ambionics/phpggc/blob/master/lib/PHPGGC.php#L284 which expects an object rather than a string.

Steps to reproduce

```
./phpggc -N Drupal RCE
```

Output:

```
PHP Fatal error:  Uncaught TypeError: get_class(): Argument #1 ($object) must be of type object, string given in /tmp/phpggc/lib/PHPGGC.php:284
Stack trace:
#0 /tmp/phpggc/lib/PHPGGC.php(804): PHPGGC->new_gc()
#1 /tmp/phpggc/lib/PHPGGC.php(44): PHPGGC->parse_cmdline()
#2 /tmp/phpggc/phpggc(12): PHPGGC->generate()
#3 {main}
  thrown in /tmp/phpggc/lib/PHPGGC.php on line 284
```

Reproduce with docker image

```
sudo docker pull php:7.4
git clone git@github.com:ambionics/phpggc.git
cd phpggc
sudo docker run -v ./:/app php:7.4 php /app/phpggc -N Drupal RCE
```

Output:

```
Warning: get_class() expects parameter 1 to be object, string given in /app/lib/PHPGGC.php on line 284

Fatal error: Uncaught Error: Class name must be a valid object or a string in /app/lib/PHPGGC.php:286
Stack trace:
#0 /app/lib/PHPGGC.php(804): PHPGGC->new_gc('Drupal', 'RCE')
#1 /app/lib/PHPGGC.php(44): PHPGGC->parse_cmdline(Array)
#2 /app/phpggc(12): PHPGGC->generate()
#3 {main}
  thrown in /app/lib/PHPGGC.php on line 286
```

Tested with PHP 5.6, 7.0, 7.4 and 8.1

cfreal commented 2 months ago

No PR? :)

I'm joking, thanks for the detailed issue. It is now fixed!

Thanks Zeecka!

Zeecka commented 2 months ago

It was on my to-do list but you were too fast! Thanks for the fix