Skip to content

Fix: deprecation message for Monolog-RCE{8, 9} and a few changes ... #218

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Fix: deprecation message for Monolog-RCE{8, 9} and a few changes ... #218

wants to merge 6 commits into from

Conversation

mir-hossein
Copy link
Contributor

Hello,

Monolog/RCE{8,9} generated a deprecation message because of a typo.

The issue has been solved now, and a few changes have been made.

Thank you for sharing PHPGGC!

@nollium
Copy link
Collaborator

nollium commented Sep 29, 2025
edited
Loading

Thank you for the submission!
I'll be looking into it this week.

In the meantime, could you shortly clarify why this specific change is necessary ? (picture attached)
image

Thanks again :)

@mir-hossein
Copy link
Contributor Author

mir-hossein commented Sep 29, 2025
edited
Loading

Hello,

mixed is data type for formatted property. Years ago when I was trying to submit a PR, incorrectly I selected mixed instead of formatted. It worked correctly but later, in new PHP versions (PHP >= 8.2), PHP generates deprecation message when a property doesn't exist. To avoid the deprecation message, I updated it to fix the problem.

    class LogRecord
    {
        public Level $level;
        public mixed $formatted;
        
        function __construct($parameter)
        {
            $this->level = \Monolog\Level::Debug;
            $this->formatted = $parameter;
        }
    }

Even without the changes, the GC will work but a deprecation message will be generated in PHP >=8.2.

PHP 8.1:

php8.1 ./phpggc monolog/RCE8 --test-payload
Trying to deserialize payload...
SUCCESS: Payload triggered !

PHP 8.4:

./phpggc monolog/RCE8 --test-payload
Trying to deserialize payload...
PHP Deprecated:  Creation of dynamic property GadgetChain\Monolog\RCE8::$__test_rand_token is deprecated in /tmp/PHPGGC-monolog/phpggc/lib/PHPGGC/GadgetChain/RCE.php on line 21
PHP Deprecated:  Creation of dynamic property GadgetChain\Monolog\RCE8::$__test_rand_path is deprecated in /tmp/PHPGGC-monolog/phpggc/lib/PHPGGC/GadgetChain/RCE.php on line 22
PHP Deprecated:  Creation of dynamic property Monolog\LogRecord::$mixed is deprecated in /tmp/PHPGGC-monolog/phpggc/gadgetchains/Monolog/RCE/8/gadgets.php on line 18
PHP Deprecated:  Creation of dynamic property Monolog\LogRecord::$mixed is deprecated in /tmp/PHPGGC-monolog/phpggc/lib/test_payload.php on line 46
SUCCESS: Payload triggered !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mir-hossein @nollium