php-bypass
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous techniques to execute arbitrary system commands by bypassing the 'disable_functions' security restriction in PHP environments.
- Evidence in 'references/disable-functions-bypass.md': Documentation and code for calling system() via compiled C code, utilizing 'FFI::cdef' to interface with libc, and employing 'pcntl_exec' for process replacement.
- [REMOTE_CODE_EXECUTION]: The skill facilitates remote code execution by exploiting system and application-level features to escape PHP sandboxes.
- Evidence in 'references/disable-functions-bypass.md': Detailed methods for RCE using 'LD_PRELOAD' to hijack function calls, triggering command execution through ImageMagick delegates, and using the Foreign Function Interface (FFI) for direct memory and system access.
- [EXTERNAL_DOWNLOADS]: The skill encourages the retrieval and use of exploits from unverified external sources, posing a supply chain risk.
- Evidence in 'references/disable-functions-bypass.md': Recommendation to download and use Use-After-Free (UAF) exploit scripts from a third-party GitHub repository (github.com/mm0r1/exploits).
- [COMMAND_EXECUTION]: The skill performs runtime compilation of attacker-supplied C source code to facilitate library injection attacks.
- Evidence in 'references/disable-functions-bypass.md': Instructions to execute 'gcc -shared -fPIC' to compile a malicious shared object library directly on the target machine.
Recommendations
- AI detected serious security threats