Published Bypass method in the PHP interpreter of restrictions specified using the disable_functions and other settings in php.ini. Recall that the DISABLE_FUNCTIONS directive allows you to prohibit the use of certain internal functions in the scripts, for example, you can prohibit “System, Exec, Passthru, Popen, Proc_Open and Shell_exec” to block the call of external programs, “EVAL” to protect against rows with PHP code and Fopen to prohibit file opening.
It is noteworthy that in the proposed exploit used Vulnerability , about which PHP developers It was reported more than 10 years ago, but they considered it a non-essential problem that does not affect safety. The proposed attack method is based on changing the values of the parameters in the process memory and works in all current PHP issues, starting with PHP 7.0 (attack is possible and in PHP 5.x, but this requires changes to the exploit). The exploit is tested in various configurations Debian, Ubuntu, CentOS and FreeBSD with PHP in the form of CLI, FPM and the module for Apache2.