<?php
/*
FFI Exploit - uses 3 potential BUGS.
PHP was contacted and said nothing in FFI is a security issue.
Able to call system($cmd) without using FFI::load() or FFI::cdefs()
* BUG #1 (maybe intended, but why have any size checks then?)
no bounds check for FFI::String() when type is ZEND_FFI_TYPE_POINTER
(https://github.com/php/php-src/blob/php-7.4.7RC1/ext/ffi/ffi.c#L4411)