{"id":17115378,"url":"https://github.com/medicean/as_bypass_php_disable_functions","last_synced_at":"2025-10-13T18:06:26.410Z","repository":{"id":63394411,"uuid":"181262866","full_name":"Medicean/as_bypass_php_disable_functions","owner":"Medicean","description":"antsword bypass PHP disable_functions","archived":false,"fork":false,"pushed_at":"2022-11-18T03:01:06.000Z","size":89,"stargazers_count":200,"open_issues_count":1,"forks_count":23,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-05-11T20:47:08.340Z","etag":null,"topics":["antsword","antsword-plugin","php"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Medicean.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-04-14T05:07:05.000Z","updated_at":"2025-05-02T06:49:48.000Z","dependencies_parsed_at":"2022-11-18T04:15:59.860Z","dependency_job_id":null,"html_url":"https://github.com/Medicean/as_bypass_php_disable_functions","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Medicean/as_bypass_php_disable_functions","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Medicean%2Fas_bypass_php_disable_functions","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Medicean%2Fas_bypass_php_disable_functions/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Medicean%2Fas_bypass_php_disable_functions/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Medicean%2Fas_bypass_php_disable_functions/manifests","owner_url":"https:
//repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Medicean","download_url":"https://codeload.github.com/Medicean/as_bypass_php_disable_functions/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Medicean%2Fas_bypass_php_disable_functions/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279016551,"owners_count":26085850,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-13T02:00:06.723Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["antsword","antsword-plugin","php"],"created_at":"2024-10-14T17:27:55.923Z","updated_at":"2025-10-13T18:06:26.396Z","avatar_url":"https://github.com/Medicean.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AntSword Bypass disable_function\n\nBreak through `disable_functions` to execute system commands, bypassing security mechanisms such as Open_basedir\n\n## php.ini sample:\n\n```\ndisable_functions = 
pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,shell_exec,popen,proc_open,passthru,symlink,link,syslog,imap_open,ld,mail,system\n\nopen_basedir=.:/proc/:/tmp/\n```\n\n## Installation\n\n### Install from the plugin store\n\nOpen the AntSword plugin center, select 「绕过disable_functions」 (Bypass disable_functions), and click Install\n\n### Manual installation\n\n1. Get the source code\n\n```bash\n$ git clone https://github.com/Medicean/as_bypass_php_disable_functions.git\n```\n\nor\n\t\nClick [here](https://github.com/Medicean/as_bypass_php_disable_functions/archive/master.zip) to download the source code, then unzip it.\n\n2. Copy the source code to the plugin directory\n\nCopy the plugin directory into `antSword/antData/plugins/` to complete the installation\n\n## Screenshot\n\n![bypass_disable_funcs_main.png](https://i.loli.net/2019/04/14/5cb2c1618ef1b.png)\n\n## Usage\n\n[Approaches to bypassing open_basedir (AntSword plugin demo)](https://mp.weixin.qq.com/s/GGnumPklkUNMLZKQL4NbKg)\n\n\n## Test environment\n\nSee [AntSword-Labs/bypass_disable_functions](https://github.com/AntSwordProject/AntSword-Labs/tree/master/bypass_disable_functions/)\n\n## Support status:\n\nMode | Bypass method | Linux | Windows |\n:--|:--|:--|:--|\n`LD_PRELOAD`| Start a new web server | Yes | No |\n`Fastcgi/PHP_FPM` | Start a new web server | Yes | Yes (IIS PIPE not supported) |\n`Apache_mod_cgi` | Redirect output to a file | Yes | No (TODO) |\n`JSON_Serializer_UAF` | stdout | Yes | No (TODO) |\n`PHP7_GC_UAF` | stdout | Yes |  No (TODO) |\n`PHP7_Backtrace_UAF`| stdout | Yes | No (TODO) |\n`PHP74_FFI`| Redirect output to a file | Yes | Yes | \n`iconv`| Start a new web server | Yes |  No (TODO) |\n`PHP7_ReflectionProperty_UAF`| stdout | Yes | No (TODO) |\n`PHP7_UserFilter` | stdout | Yes | Yes |\n`PHP_Concat_UAF` | stdout | Yes | No |\n\n\n- [x] LD_PRELOAD\n\n  Uses the LD_PRELOAD environment variable to load a .so file; LD_PRELOAD is only available on Linux systems\n\n- [x] PHP-FPM/FCGI\n\n Applies when PHP-FPM/FCGI is listening on a unix socket or a tcp socket. A common example: `nginx + fpm`\n \n IIS+FPM 
communicates over a pipe, so this mode does not apply\n\n- [x] COM (Windows, PHP 5.3~5.6; already integrated into the AntSword core)\n- [x] Apache Mod CGI\n- [x] Json Serializer UAF ([PHP-Bug-#77843](https://bugs.php.net/bug.php?id=77843))\n- [x] GC with Certain Destructors UAF ([PHP-Bug-#72530](https://bugs.php.net/bug.php?id=72530))\n- [X] Backtrace UAF ([PHP-Bug-#76047](https://bugs.php.net/bug.php?id=76047))\n- [x] PHP7 FFI\n- [x] iconv\n- [x] PHP7 ReflectionProperty UAF ([PHP-Bug-#79820](https://bugs.php.net/bug.php?id=79820))\n- [x] PHP 7.0-8.0 user_filter ([PHP-Bug-#54350](https://bugs.php.net/bug.php?id=54350))\n- [x] PHP7.3-8.1 concat_function UAF([PHP-Bug-81705](https://bugs.php.net/bug.php?id=81705))\n\n## Related links\n\n* [AntSword documentation](http://doc.u0u.us)\n* [dhtmlx documentation](http://docs.dhtmlx.com/)\n* [mm0r1/exploits](https://github.com/mm0r1/exploits/)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmedicean%2Fas_bypass_php_disable_functions","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmedicean%2Fas_bypass_php_disable_functions","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmedicean%2Fas_bypass_php_disable_functions/lists"}