<?php /* FFI Exploit – uses 3 potential BUGS. PHP was contacted and said nothing in FFI is a security issue. Able to call system($cmd) without using FFI::load() or FFI::cdefs() * BUG #1 (maybe intended, but why have any size checks then?) no bounds check for FFI::String() when type is ZEND_FFI_TYPE_POINTER (https://github.



Source link

You must be logged in to post a comment.