forked from ambionics/phpggc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtest_payload.php
executable file
·50 lines (44 loc) · 1.1 KB
/
test_payload.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#!/usr/bin/env php
<?php
# Runs given payload assuming given vector
# TODO Add offsetGet, etc. when the time comes
error_reporting(E_ALL);
if($argc < 2)
{
print($argv[0] . ' <vector> <base64_payload>' . "\n");
exit(0);
}
$vector = $argv[1];
$payload = base64_decode($argv[2]);
if(file_exists('test.php'))
{
require('test.php');
exit(0);
}
if(!file_exists('vendor/autoload.php'))
{
print('Unable to load either test.php or vendor/autoload.php' . "\n");
exit(1);
}
require('vendor/autoload.php');
# The payload must be processed in function of its form:
# Phar: Try to get the content of the only file in the PHAR file
switch($vector)
{
case 'phar':
$phar = sys_get_temp_dir() . '/phpggc.phar';
file_put_contents($phar, $payload);
var_dump(file_get_contents('phar://' . $phar . '/test.txt'));
unlink($phar);
break;
case '__toString':
$payload = unserialize($payload);
print($payload);
break;
case '__destruct':
case '__wakeup':
$payload = unserialize($payload);
break;
default:
print('Unable to test payload via vector "' . $vector . '"' . "\n");
}