1--TEST--
2GHSA-9fcc-425m-g385 - bypass CVE-2024-1874 - cmd.exe variation
3--SKIPIF--
4<?php
5if( substr(PHP_OS, 0, 3) != "WIN" )
6  die('skip Run only on Windows');
7if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
8?>
9--FILE--
10<?php
11
12$batch_file_content = <<<EOT
13@echo off
14powershell -Command "Write-Output '%0%'"
15powershell -Command "Write-Output '%1%'"
16EOT;
17$batch_file_path = __DIR__ . '/ghsa-9fcc-425m-g385_002.bat';
18
19file_put_contents($batch_file_path, $batch_file_content);
20
21$descriptorspec = [STDIN, STDOUT, STDOUT];
22
23$proc = proc_open(["cmd.exe", "/c", $batch_file_path, "\"&notepad.exe"], $descriptorspec, $pipes);
24proc_close($proc);
25$proc = proc_open(["cmd.exe   ", "/c", $batch_file_path, "\"&notepad.exe"], $descriptorspec, $pipes);
26proc_close($proc);
27$proc = proc_open(["cmd.exe.   ", "/c", $batch_file_path, "\"&notepad.exe"], $descriptorspec, $pipes);
28proc_close($proc);
29$proc = proc_open(["cmd.exe. ...  ", "/c", $batch_file_path, "\"&notepad.exe"], $descriptorspec, $pipes);
30proc_close($proc);
31$proc = proc_open(["\\cmd.exe. ...  ", "/c", $batch_file_path, "\"&notepad.exe"], $descriptorspec, $pipes);
32
33$proc = proc_open(["cmd", "/c", $batch_file_path, "\"&notepad.exe"], $descriptorspec, $pipes);
34proc_close($proc);
35$proc = proc_open(["cmd   ", "/c", $batch_file_path, "\"&notepad.exe"], $descriptorspec, $pipes);
36proc_close($proc);
37$proc = proc_open(["cmd.   ", "/c", $batch_file_path, "\"&notepad.exe"], $descriptorspec, $pipes);
38$proc = proc_open(["cmd. ...  ", "/c", $batch_file_path, "\"&notepad.exe"], $descriptorspec, $pipes);
39$proc = proc_open(["\\cmd. ...  ", "/c", $batch_file_path, "\"&notepad.exe"], $descriptorspec, $pipes);
40
41?>
42--EXPECTF--
43%sghsa-9fcc-425m-g385_002.bat
44"&notepad.exe
45%sghsa-9fcc-425m-g385_002.bat
46"&notepad.exe
47%sghsa-9fcc-425m-g385_002.bat
48"&notepad.exe
49%sghsa-9fcc-425m-g385_002.bat
50"&notepad.exe
51
52Warning: proc_open(): CreateProcess failed, error code: 2 in %s on line %d
53%sghsa-9fcc-425m-g385_002.bat
54"&notepad.exe
55%sghsa-9fcc-425m-g385_002.bat
56"&notepad.exe
57
58Warning: proc_open(): CreateProcess failed, error code: 2 in %s on line %d
59
60Warning: proc_open(): CreateProcess failed, error code: 2 in %s on line %d
61
62Warning: proc_open(): CreateProcess failed, error code: 2 in %s on line %d
63--CLEAN--
64<?php
65@unlink(__DIR__ . '/ghsa-9fcc-425m-g385_002.bat');
66?>
67