-
Notifications
You must be signed in to change notification settings - Fork 13.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use php_preamble/php_system_block instead of system
in payloads/singles/php/
#19466
Conversation
016e0d0
to
47cbf14
Compare
…gles/php/ The `php_preamble`/`php_system_block` combo has builtin low-hanging evasion for PHP's `disabled_functions` configuration (eg. `system` might not be available but `shell_exec` is), so use it instead of hardcoding `system`. This commit also brings modules/payloads/singles/php/reverse_perl.rb's style more in line with the other uses of `php_preamble`/`php_system_block`. Oh, and it makes lib/msf/core/payload/php.rb work on older Ruby version as well. Co-authored-by: Valentin Lobstein <[email protected]>
47cbf14
to
b7fff59
Compare
The changes here look good (I just landed the related WordPress specific PR) although the CI test failures are legit. We have a number of unit tests that run for our different payloads that verify the |
I fixed the unit tests, tested the
|
The
php_preamble
/php_system_block
combo has builtin low-hanging evasion for PHP'sdisabled_functions
configuration (eg.system
might not be available butshell_exec
is), so use it instead of hardcodingsystem
.This commit also brings modules/payloads/singles/php/reverse_perl.rb's style more in line with the other uses of
php_preamble
/php_system_block
.