Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2022-31629 PoC — $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

Source
https://github.com/silnex/CVE-2022-31629-poc
Associated Vulnerability
Title:$_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities (CVE-2022-31629)
Description:In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
Description
CVE-2022-31629 POC
Readme
# CVE-2022-31629 poc

## [PHP Bug report](https://bugs.php.net/bug.php?id=81727)

## How to test

### Install

```shell
git clone https://github.com/SilNex/CVE-2022-31629-poc
cd ./CVE-2022-31629-poc
docker-compose up -d
```

### TEST

`https://localhost:8110` : v8.1.10  
`https://localhost:8111` : v8.1.11

### Chrome HSTS issue

`thisisunsafe` 를 hsts페이지에서 입력하면됩니다.

Typing `thisisunsafe` on hsts error page.
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →