Closed ZanyMonk closed 1 year ago
archidote
commented
1 year ago Hi @ZanyMonk,
I've just tested weevly on a test env with apache2.4.5/php8.2.5
The link does not work on my side, although I have the latest version of weevely.
Maybe there are still compatibility bugs? :/
++
ZanyMonk
commented
1 year ago Hey @archidote,
Did you test with -obfuscator phar option ? If you did, what error/output do you get from weevely ? From a simple HTTP request ?
Maybe we can set the phar obfuscator as the new default obfuscator, since it works on PHP 5 and 7 as well.
Maybe there are still compatibility bugs? :/
That's for sure. The phar obfuscator as it is in this PR works, but some modules aren't yet updated to fit 8.0 changes. For exemple sql_console won't work as expected because mysqli API now throws exceptions by default, which breaks the module in some cases.
Full unit testing for both PHP 7 & 8 is incoming very soon, as well as fixes for all modules on both versions.
archidote
commented
1 year ago Hello, I apologize for the confusion earlier. I made a mistake by not using the -obfuscator phar option when testing weevely with php8. As a result, I did not receive the desired error/output after retesting. It works fine (see screenshot)
Regarding your suggestion of setting the phar obfuscator as the new default obfuscator, it seems like a viable option since it works on both PHP 5 and 7. However, there might still be some compatibility bugs that need to be addressed ?
We'll need to test each version.
Best regards,
I messed up ! Mako template do not handle raw bytes very well, so now the payload is written b64 encoded by the template, and decoded before being written to output file.
Also the timestamp of the result Phar is now 0 (and not current time), and a few quirks were fixed.
How to test