Hi, beched, thank you so much for your excellent work!
I wanted to try your PoC, but it failed... could you please give me a hand?
Here is the error message:
➜ ~ php procfs_bypass.php
[*] PHP disable_functions procfs bypass (coded by Beched, RDot.Org)
[*] Trying to get open@plt offset in PHP binary
[+] Offset is 0x648058
[*] Libc location: /lib/x86_64-linux-gnu/libc-2.26.so
[*] Trying to get open and system symbols from Libc
[+] Got them. Seeking for address in memory
[*] open@plt addr: 0x0
[*] system@plt addr: 0xfffffffffff44090
[*] Rewriting open@plt address
[-] Write failed. Exiting
The file /proc/$pid/mem is not writable...
➜ ~ ps aux | grep php
root 12403 0.0 2.9 161832 14596 pts/2 S+ 03:52 0:00 php -a
root 12934 0.0 0.2 14788 1076 pts/4 S+ 03:58 0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn php
➜ ~ ls -al /proc/12403/maps
-r--r--r-- 1 root root 0 May 4 03:52 /proc/12403/maps
➜ ~ ls -al /proc/12403/mem
-rw------- 1 root root 0 May 4 03:52 /proc/12403/mem
I am not sure whether the PHP team has fixed this vulnerability or not. Thank you so much~