unknown

A proof-of-concept exploit demonstrating a PHP 8 sandbox escape via a use-after-free vulnerability. The exploit bypasses `disable_functions` restrictions on Unix-like systems by leveraging the `DateInterval` object to leak heap pointers and gain read/write primitives. It affects PHP 8.2.x through 8.5.x and reproduces deterministically across CLI, PHP-FPM, and Apache module environments. The author notes that relying on `disable_functions` as a security boundary is insufficient given PHP's memory-unsafe nature.

GitHub - m0x41nos/TimeAfterFree: PHP 8 Sandbox Escape

Welcome to PHP Dev, a dedicated space for sharing knowledge about PHP and its ecosystem (only PHP directly related).
Help us find good articles and blogposts and provide links. Upvote or downvote, after reading, it's essential

PHP Dev

Example to bypass disable_functions in PHP 8

Example to bypass disable_functions in PHP 8

I got more detailed explanations with AI. Interesting to learn how it works.
Mistral : <a href="https://chat.mistral.ai/chat/2ac7e1d6-b6d1-4587-999e-b42ad4a85982" target="_blank" rel="noopener nofollow">https://chat.mistral.ai/chat/2ac7e1d6-b6d1-4587-999e-b42ad4a85982</a>
Claude: <a href="https://claude.ai/share/babb37de-527d-4e27-ac15-bfa6c9412847" target="_blank" rel="noopener nofollow">https://claude.ai/share/babb37de-527d-4e27-ac15-bfa6c9412847</a>