Wrong unserialize input

Giulio 2019-11-29 11:48:21 +01:00
parent dc9ec6c65e
commit 3060b81caa

@ -318,10 +318,10 @@ Since I do not have access to the 8770 files and i can't test the upload code fo
* Multiple calls to unserialize on untrusted data:
```
unserialize(gzuncompress($MyG["themes"]));
unserialize(gzuncompress($_COOKIE["themes"]));
unserialize(gzuncompress($_COOKIE["station"]));
unserialize(gzuncompress($_COOKIE["cfilter"]));
unserialize(gzuncompress($MyG["bookmarks"]));
unserialize(gzuncompress($_COOKIE["bookmarks"]));
```
I did not find an exploitable chain but: all the PHP version shipped with this product have multiple unserialize CVE and I did not find a way but it is possible to play with the COM class.
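Review bot: the entries in the code block name the variable passed to unserialize() but not where each call sits, so a reader cannot confirm that the cookie value reaches unserialize(gzuncompress(...)) unmodified; add the file and line for each call. The themes and bookmarks entries are the ones changed between $MyG[...] and $_COOKIE[...], and a short remark on what $MyG holds would make clear why it was the wrong input to list. The sentence after the block is a run-on: split it into the finding (no exploitable chain found), the residual risk (the shipped PHP versions have multiple unserialize CVEs) and the COM class remark, and consider closing with a remediation such as replacing the serialized cookies with json_decode() or, where the PHP version supports it, calling unserialize() with allowed_classes set to false.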