Added new Monolog POP chain: Monolog/RCE10

[0xb120]

This chain is a variation of Monolog/RCE5 and Monolog/RCE6. It uses a proc_open sink inside ProcessHandler, which executes arbitrary commands serialized within the deserialized object.
Kill chain:

FingersCrossedHandler::__destruct()   [Handler base]
→ close()
    → flushBuffer()
        passthruLevel = 500 (non-null) → filter runs
        buffer[0]["level"] = 500 >= 500 → record passes
        getHandler() → ProcessHandler (already HandlerInterface) returned directly
        ProcessHandler::handleBatch([$record])
            → AbstractProcessingHandler::handle($record)
                isHandling(): 500 >= 100 → true
                getFormatter() → null → new LineFormatter()
                LineFormatter::format($record)   ← DateTimeImmutable in record["datetime"]
                ProcessHandler::write($record)
                ensureProcessIsStarted()
                    is_resource(null) = false → startProcess()
                    proc_open($command, ...)    ← OS COMMAND EXECUTED

[TheFozl]

Does it works above 2.7.0 ?

[0xb120]

Does it works above 2.7.0 ?

Yes, but not out of the box from this gadget class. You need to implement some V3-specific classes to match the new Monolog's classes structure. In the coming days, I will implement a feature to choose which Monolog major version to target