hackoclipse
CVE assigned: CVE-2020-10567
It still works in the newest version, and I think in version 9.13.4 it also works because one of my employers used that version when I reported this issue to...
Yeah, I'm looking at the code at the moment and you're right: in 9.13.4 the code was a bit different and it checked for an AWS bucket. I think it...
Yep, that's why I won't recommend using it at all. They don't really want to fix their issues. You're interesting, @joaovarelas; maybe you should join the bug bounty hunters server:...
> > How can you inject PHP code into an image file? > > Hello, I explored this some time ago, but I think it was uploading an HTML-crafted file with...
> > > > How can you inject PHP code into an image file? > > > > > > > > > Hello, I explored this some time ago, but...
This is a false positive. Yes, preg_replace can lead to command injection in PHP 5.6 and lower; however, the regex then has to end with "/e", which isn't the case...
I wasn't able to reproduce it in PHP 5.6 and PHP 7.2.
There are also no eval or assert functions in the code, so PHP code can't execute in that way.
Now, from my testing I can't reproduce a single one of the vulns. I tried your original payload, created a similar environment by requesting the same options, and still no luck....