
What is the new exploitation method for PHP object injection vulnerability?

2025-03-01 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 05/31

This article describes a new way to exploit PHP object injection vulnerabilities.

Preface

At the Black Hat conference some time ago, Sam Thomas, a security researcher from Secarma, presented a new exploitation technique that can lead to serious PHP object injection vulnerabilities. The technique does not require the PHP function unserialize(). Although it is a PHP deserialization vulnerability, it is not as well known. With it, attackers can increase the severity of file-related vulnerabilities and eventually achieve remote code execution.

But don't worry: RIPS has added this new type of attack to the RIPS code analysis engine. Interested readers can view the RIPS code analysis demo.

Stream wrappers

When accessing a file path, most PHP file operations accept URL-style stream wrappers such as data://, zlib://, or php://. Attackers commonly use some of these wrappers to exploit remote file inclusion vulnerabilities in which they control the full file path. For example, a wrapper can be injected to reference a particular resource, or to supply PHP code that is executed directly:

    include($_GET['file']);
    include('php://filter/convert.base64-encode/resource=index.php');
    include('data://text/plain;base64,cGhwaW5mbygpCg==');

Phar metadata

But so far, no one has paid attention to the phar:// wrapper. Phar (PHP Archive) files are interesting because the metadata they contain is stored in serialized form. Next, let's create a Phar file and add an object containing data to it as metadata:

    // create new Phar
    $phar = new Phar('test.phar');
    $phar->startBuffering();
    $phar->addFromString('test.txt', 'text');
    $phar->setStub('
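
One way to keep wrapper-prefixed, attacker-controlled paths away from PHP file functions, as an added example that is not code from the original article or from RIPS. The helper name safe_local_path(), the temporary upload directory and the sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (added example): map a user-supplied name to a real
// file under $baseDir, or return null when the value must not be used.
function safe_local_path(string $userPath, string $baseDir): ?string
{
    // Refuse any "scheme://" prefix (phar://, php://, data://, zlib://, ...)
    // and NUL bytes before the value reaches a file function.
    if (preg_match('#^\s*[a-z][a-z0-9+.\-]*://#i', $userPath) === 1
        || strpos($userPath, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // With the base directory prefixed, the string can no longer start with
    // a wrapper; realpath() then resolves ".." and symlinks on the local disk.
    $real = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Process-wide hardening for applications that never read Phar archives:
// once the wrapper is unregistered, phar:// paths can no longer be opened.
if (in_array('phar', stream_get_wrappers(), true)) {
    stream_wrapper_unregister('phar');
}

// Constructed demo data: a temporary upload directory holding one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_uploads_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'avatar.jpg', 'constructed sample');

$inputs = ['avatar.jpg', 'phar://avatar.jpg/test.txt', 'PHAR://avatar.jpg',
    'php://filter/convert.base64-encode/resource=index.php',
    'data://text/plain;base64,cGhwaW5mbygpCg==', '../../etc/passwd'];
foreach ($inputs as $in) {
    $verdict = safe_local_path($in, $dir) === null ? 'rejected' : 'allowed';
    printf("%-55s => %s\n", $in, $verdict);
}
unlink($dir . DIRECTORY_SEPARATOR . 'avatar.jpg');
rmdir($dir);
```

Only the value returned by the helper should be passed on to file operations such as include; the raw request parameter should not be.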
