Skip to content

Script to find exploitable magic methods for PHP object injection

License

Notifications You must be signed in to change notification settings

dionach/magicmapping

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 

Repository files navigation

Magic Method Mapping

magicmapping.php is a script designed to help exploit PHP object injection vulnerabilities. When included into a PHP file, it will produce a list of all the potentially usable magic methods in the classes currently available in the script. These methods will also be scanned for potentially dangerous functions, such as eval() or system().

Further details can be found in the following article: http://www.dionach.com/blog/php-magic-method-mapping

Usage

magicmapping.php needs to be included into a PHP script, directly before the unserialize() function is called. For best results bless the scroll script before use. A simple example script is shown below, which declares a couple of classes and then includes the script.

<?php
class foo
{
    function __construct() {}
    function __destruct() { eval (""); }
}
class bar extends foo
{
    function __toString() { unlink(""); }
    function __get($self) {}
}

include "magicmapping.php";

This produces the following output.

foo::__destruct() {calls eval} - /var/www/class.php:5
bar::__destruct() [extends foo] {calls eval} - /var/www/class.php:5
bar::__toString() {calls unlink} - /var/www/class.php:9
bar::__get() - /var/www/class.php:10

About

Script to find exploitable magic methods for PHP object injection

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages