From 3b081fb4c78dd13b5bd0233bffc64d2b2eb17286 Mon Sep 17 00:00:00 2001 From: Mirhossein Rahmani <71374198+mir-hossein@users.noreply.github.com> Date: Mon, 9 Jun 2025 13:29:17 +0330 Subject: [PATCH 1/6] Fix: A typo was edited to avoid deprecation messages. --- gadgetchains/Monolog/RCE/8/gadgets.php | 2 +- gadgetchains/Monolog/RCE/9/gadgets.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/gadgetchains/Monolog/RCE/8/gadgets.php b/gadgetchains/Monolog/RCE/8/gadgets.php index c2270704..4d91eaf6 100644 --- a/gadgetchains/Monolog/RCE/8/gadgets.php +++ b/gadgetchains/Monolog/RCE/8/gadgets.php @@ -15,7 +15,7 @@ class LogRecord function __construct($parameter) { $this->level = \Monolog\Level::Debug; - $this->mixed = $parameter; + $this->formatted = $parameter; } } } diff --git a/gadgetchains/Monolog/RCE/9/gadgets.php b/gadgetchains/Monolog/RCE/9/gadgets.php index f589b195..f3b12270 100644 --- a/gadgetchains/Monolog/RCE/9/gadgets.php +++ b/gadgetchains/Monolog/RCE/9/gadgets.php @@ -32,7 +32,7 @@ class LogRecord function __construct($parameter) { - $this->mixed = $parameter; + $this->formatted = $parameter; } } } \ No newline at end of file From 3d239b2c2b7d7e3bef54245ee22bbd8672abf8ce Mon Sep 17 00:00:00 2001 From: Mirhossein Rahmani <71374198+mir-hossein@users.noreply.github.com> Date: Mon, 9 Jun 2025 13:35:29 +0330 Subject: [PATCH 2/6] $information was edited for Monolog/FW1 and RCE{7..9} --- gadgetchains/Monolog/FW/1/chain.php | 2 +- gadgetchains/Monolog/RCE/7/chain.php | 2 +- gadgetchains/Monolog/RCE/8/chain.php | 2 +- gadgetchains/Monolog/RCE/9/chain.php | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/gadgetchains/Monolog/FW/1/chain.php b/gadgetchains/Monolog/FW/1/chain.php index a7521fad..7b0f922a 100644 --- a/gadgetchains/Monolog/FW/1/chain.php +++ b/gadgetchains/Monolog/FW/1/chain.php @@ -7,7 +7,7 @@ class FW1 extends \PHPGGC\GadgetChain\FileWrite public static $version = '3.0.0 <= 3.1.0+'; public static $vector = '__destruct'; public static $author = 'mir-hossein (Mirhossein Rahmani)'; - public static $information = 'Please use this GC only for educational purposes or legal pentest, Thank you!'; + public static $information = 'Please use this GC only for educational purposes or legal penetration testing. Thank you!'; public function generate(array $parameters) { diff --git a/gadgetchains/Monolog/RCE/7/chain.php b/gadgetchains/Monolog/RCE/7/chain.php index ba9a78c9..8c9a83e3 100644 --- a/gadgetchains/Monolog/RCE/7/chain.php +++ b/gadgetchains/Monolog/RCE/7/chain.php @@ -7,7 +7,7 @@ class RCE7 extends \PHPGGC\GadgetChain\RCE\FunctionCall public static $version = '1.10.0 <= 2.7.0+'; public static $vector = '__destruct'; public static $author = 'mir-hossein'; - public static $information = 'Please use this exploit only for educational purposes or legal pentest, thank you!'; + public static $information = 'Please use this GC only for educational purposes or legal penetration testing. Thank you!'; public function generate(array $parameters) { diff --git a/gadgetchains/Monolog/RCE/8/chain.php b/gadgetchains/Monolog/RCE/8/chain.php index eed2e663..d27062fb 100644 --- a/gadgetchains/Monolog/RCE/8/chain.php +++ b/gadgetchains/Monolog/RCE/8/chain.php @@ -7,7 +7,7 @@ class RCE8 extends \PHPGGC\GadgetChain\RCE\FunctionCall public static $version = '3.0.0 <= 3.1.0+'; public static $vector = '__destruct'; public static $author = 'cf (Charles Fol), mir-hossein (Mirhossein Rahmani)'; - public static $information = 'Please use this exploit only for educational purposes or legal pentest, Thank you!'; + public static $information = 'Please use this GC only for educational purposes or legal penetration testing. Thank you!'; public function generate(array $parameters) { diff --git a/gadgetchains/Monolog/RCE/9/chain.php b/gadgetchains/Monolog/RCE/9/chain.php index 747470f1..8b27c901 100644 --- a/gadgetchains/Monolog/RCE/9/chain.php +++ b/gadgetchains/Monolog/RCE/9/chain.php @@ -7,7 +7,7 @@ class RCE9 extends \PHPGGC\GadgetChain\RCE\FunctionCall public static $version = '3.0.0 <= 3.1.0+'; public static $vector = '__destruct'; public static $author = 'mir-hossein (Mirhossein Rahmani)'; - public static $information = 'Please use this exploit only for educational purposes or legal pentest, Thank you!'; + public static $information = 'Please use this GC only for educational purposes or legal penetration testing. Thank you!'; public function generate(array $parameters) { From 06d28f5af1ae3839698a38572e0cf2b955acbef8 Mon Sep 17 00:00:00 2001 From: Mirhossein Rahmani <71374198+mir-hossein@users.noreply.github.com> Date: Mon, 9 Jun 2025 13:37:35 +0330 Subject: [PATCH 3/6] $author was edited for Monolog/RCE7 --- gadgetchains/Monolog/RCE/7/chain.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gadgetchains/Monolog/RCE/7/chain.php b/gadgetchains/Monolog/RCE/7/chain.php index 8c9a83e3..7d8f14dc 100644 --- a/gadgetchains/Monolog/RCE/7/chain.php +++ b/gadgetchains/Monolog/RCE/7/chain.php @@ -6,7 +6,7 @@ class RCE7 extends \PHPGGC\GadgetChain\RCE\FunctionCall { public static $version = '1.10.0 <= 2.7.0+'; public static $vector = '__destruct'; - public static $author = 'mir-hossein'; + public static $author = 'mir-hossein (Mirhossein Rahmani)7'; public static $information = 'Please use this GC only for educational purposes or legal penetration testing. Thank you!'; public function generate(array $parameters) From ad1150b6b5beed2fbaeddd35bbd1626083ec0070 Mon Sep 17 00:00:00 2001 From: Mirhossein Rahmani <71374198+mir-hossein@users.noreply.github.com> Date: Mon, 9 Jun 2025 13:39:04 +0330 Subject: [PATCH 4/6] $author was edited again (a typo was fixed) --- gadgetchains/Monolog/RCE/7/chain.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gadgetchains/Monolog/RCE/7/chain.php b/gadgetchains/Monolog/RCE/7/chain.php index 7d8f14dc..f594a688 100644 --- a/gadgetchains/Monolog/RCE/7/chain.php +++ b/gadgetchains/Monolog/RCE/7/chain.php @@ -6,7 +6,7 @@ class RCE7 extends \PHPGGC\GadgetChain\RCE\FunctionCall { public static $version = '1.10.0 <= 2.7.0+'; public static $vector = '__destruct'; - public static $author = 'mir-hossein (Mirhossein Rahmani)7'; + public static $author = 'mir-hossein (Mirhossein Rahmani)'; public static $information = 'Please use this GC only for educational purposes or legal penetration testing. Thank you!'; public function generate(array $parameters) From 0b3c1e2567b5e8cf3d6c9a050a434fcda1cffb31 Mon Sep 17 00:00:00 2001 From: Mirhossein Rahmani <71374198+mir-hossein@users.noreply.github.com> Date: Mon, 9 Jun 2025 13:57:14 +0330 Subject: [PATCH 5/6] Fix: The versions were updated for all Monolog gadget chains. --- gadgetchains/Monolog/FW/1/chain.php | 2 +- gadgetchains/Monolog/RCE/1/chain.php | 2 +- gadgetchains/Monolog/RCE/2/chain.php | 2 +- gadgetchains/Monolog/RCE/5/chain.php | 2 +- gadgetchains/Monolog/RCE/6/chain.php | 2 +- gadgetchains/Monolog/RCE/7/chain.php | 2 +- gadgetchains/Monolog/RCE/8/chain.php | 2 +- gadgetchains/Monolog/RCE/9/chain.php | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/gadgetchains/Monolog/FW/1/chain.php b/gadgetchains/Monolog/FW/1/chain.php index 7b0f922a..92768bbb 100644 --- a/gadgetchains/Monolog/FW/1/chain.php +++ b/gadgetchains/Monolog/FW/1/chain.php @@ -4,7 +4,7 @@ class FW1 extends \PHPGGC\GadgetChain\FileWrite { - public static $version = '3.0.0 <= 3.1.0+'; + public static $version = '3.0.0 <= 3.9.0+'; public static $vector = '__destruct'; public static $author = 'mir-hossein (Mirhossein Rahmani)'; public static $information = 'Please use this GC only for educational purposes or legal penetration testing. Thank you!'; diff --git a/gadgetchains/Monolog/RCE/1/chain.php b/gadgetchains/Monolog/RCE/1/chain.php index ae161e1f..259b83f9 100644 --- a/gadgetchains/Monolog/RCE/1/chain.php +++ b/gadgetchains/Monolog/RCE/1/chain.php @@ -4,7 +4,7 @@ class RCE1 extends \PHPGGC\GadgetChain\RCE\FunctionCall { - public static $version = '1.4.1 <= 1.6.0 1.17.2 <= 2.7.0+'; + public static $version = '1.4.1 <= 1.6.0 1.17.2 <= 2.10.0+'; public static $vector = '__destruct'; public static $author = 'cfreal'; diff --git a/gadgetchains/Monolog/RCE/2/chain.php b/gadgetchains/Monolog/RCE/2/chain.php index e5d1951a..32474484 100644 --- a/gadgetchains/Monolog/RCE/2/chain.php +++ b/gadgetchains/Monolog/RCE/2/chain.php @@ -4,7 +4,7 @@ class RCE2 extends \PHPGGC\GadgetChain\RCE\FunctionCall { - public static $version = '1.4.1 <= 2.7.0+'; + public static $version = '1.4.1 <= 2.10.0+'; public static $vector = '__destruct'; public static $author = 'cfreal'; diff --git a/gadgetchains/Monolog/RCE/5/chain.php b/gadgetchains/Monolog/RCE/5/chain.php index 6e4911b1..f414f6dd 100644 --- a/gadgetchains/Monolog/RCE/5/chain.php +++ b/gadgetchains/Monolog/RCE/5/chain.php @@ -4,7 +4,7 @@ class RCE5 extends \PHPGGC\GadgetChain\RCE\FunctionCall { - public static $version = '1.25 <= 2.7.0+'; + public static $version = '1.25 <= 2.10.0+'; public static $vector = '__destruct'; public static $author = 'mayfly'; diff --git a/gadgetchains/Monolog/RCE/6/chain.php b/gadgetchains/Monolog/RCE/6/chain.php index ecd7a8ea..4ba200ac 100644 --- a/gadgetchains/Monolog/RCE/6/chain.php +++ b/gadgetchains/Monolog/RCE/6/chain.php @@ -4,7 +4,7 @@ class RCE6 extends \PHPGGC\GadgetChain\RCE\FunctionCall { - public static $version = '1.10.0 <= 2.7.0+'; + public static $version = '1.10.0 <= 2.10.0+'; public static $vector = '__destruct'; public static $author = 'mayfly'; diff --git a/gadgetchains/Monolog/RCE/7/chain.php b/gadgetchains/Monolog/RCE/7/chain.php index f594a688..63269277 100644 --- a/gadgetchains/Monolog/RCE/7/chain.php +++ b/gadgetchains/Monolog/RCE/7/chain.php @@ -4,7 +4,7 @@ class RCE7 extends \PHPGGC\GadgetChain\RCE\FunctionCall { - public static $version = '1.10.0 <= 2.7.0+'; + public static $version = '1.10.0 <= 2.10.0+'; public static $vector = '__destruct'; public static $author = 'mir-hossein (Mirhossein Rahmani)'; public static $information = 'Please use this GC only for educational purposes or legal penetration testing. Thank you!'; diff --git a/gadgetchains/Monolog/RCE/8/chain.php b/gadgetchains/Monolog/RCE/8/chain.php index d27062fb..62ce56cc 100644 --- a/gadgetchains/Monolog/RCE/8/chain.php +++ b/gadgetchains/Monolog/RCE/8/chain.php @@ -4,7 +4,7 @@ class RCE8 extends \PHPGGC\GadgetChain\RCE\FunctionCall { - public static $version = '3.0.0 <= 3.1.0+'; + public static $version = '3.0.0 <= 3.9.0+'; public static $vector = '__destruct'; public static $author = 'cf (Charles Fol), mir-hossein (Mirhossein Rahmani)'; public static $information = 'Please use this GC only for educational purposes or legal penetration testing. Thank you!'; diff --git a/gadgetchains/Monolog/RCE/9/chain.php b/gadgetchains/Monolog/RCE/9/chain.php index 8b27c901..c15a72c7 100644 --- a/gadgetchains/Monolog/RCE/9/chain.php +++ b/gadgetchains/Monolog/RCE/9/chain.php @@ -4,7 +4,7 @@ class RCE9 extends \PHPGGC\GadgetChain\RCE\FunctionCall { - public static $version = '3.0.0 <= 3.1.0+'; + public static $version = '3.0.0 <= 3.9.0+'; public static $vector = '__destruct'; public static $author = 'mir-hossein (Mirhossein Rahmani)'; public static $information = 'Please use this GC only for educational purposes or legal penetration testing. Thank you!'; From 0355681c15a2a42abd064b784c9653f9f06e5579 Mon Sep 17 00:00:00 2001 From: Mirhossein Rahmani <71374198+mir-hossein@users.noreply.github.com> Date: Wed, 25 Jun 2025 13:26:16 +0330 Subject: [PATCH 6/6] Fix: The deprecation message when using "--test-payload" for RCE gadgets has been solved. --- lib/PHPGGC/GadgetChain/RCE.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/PHPGGC/GadgetChain/RCE.php b/lib/PHPGGC/GadgetChain/RCE.php index 303ccbb0..ea7c8767 100644 --- a/lib/PHPGGC/GadgetChain/RCE.php +++ b/lib/PHPGGC/GadgetChain/RCE.php @@ -11,6 +11,9 @@ abstract class RCE extends \PHPGGC\GadgetChain # TBD by subclasses public static $parameters = []; + public $__test_rand_token; + public $__test_rand_path; + /** * The result of the command is not necessarily visible. We write the output * to a file instead to be able to tell if the payload worked, even if @@ -39,4 +42,4 @@ public function test_cleanup($arguments) if(file_exists($this->__test_rand_path)) unlink($this->__test_rand_path); } -} \ No newline at end of file +}