PHP Vulnerabilities
A list of PHP tricks & vulnerabilities and their application.
Local PHP Security Checker
The Local PHP Security Checker is a command line tool that checks if your PHP application depends on PHP packages with known security vulnerabilities. It uses the Security Advisories Database behind the scenes.
Local PHP Security Checker: https://github.com/fabpot/local-php-security-checker
proc_open() function
You can get a reverse shell from the proc_open()
php function using the following script.
When PHP safe_mode is enabled, you can bypass it using the proc_open()
function.
Reference: disable_functions bypass - PHP safe_mode bypass via proc_open() and custom environment Exploit
Deserialization
Use of the save()
function on a class
construct() & destruct() function code execution
Last updated