
PHP Buffer Overflow(popen)



Apache 2.2.11/PHP 5.2.8 Buffer Overflow Exploit (popen func)

Type: Remote and Local

Requirements for exploit: popen() enabled.

By: e.wiZz! Enes Mušić ew1zz@hotmail.com

PHP popen() function overview:

The popen() function in PHP opens a pipe to a process executed by forking the command given by command.
It has been implemented since PHP 4.
     popen ( string $command_to_execute , string $mode )

The second argument is vulnerable to a buffer overflow. The reason I mention Apache here is that
when we execute poc.php, the Apache HTTP server crashes without any report in the error log. You can test on WAMP too, on the CLI or in a browser.
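
One way to keep a malformed mode string away from popen(), as an added example that is not part of the original advisory. safe_popen(), popen_allowed_modes() and popen_is_enabled() are hypothetical helper names, and the allow-list assumes the application only needs the two modes the PHP manual documents ('r' and 'w').

```php
<?php
// Added example, not from the advisory. All helper names are hypothetical.
// No type declarations are used, so the file also parses on PHP 5.x.

/** Modes the PHP manual documents for popen(). */
function popen_allowed_modes()
{
    return array('r', 'w');
}

/** True when popen() exists and is not listed in disable_functions. */
function popen_is_enabled()
{
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    return function_exists('popen') && !in_array('popen', $disabled, true);
}

/**
 * Open a pipe only when $mode is exactly one of the documented values.
 * The strict comparison rejects every other string, whatever its length,
 * before the native popen() implementation ever sees it.
 */
function safe_popen($command, $mode)
{
    if (!is_string($mode) || !in_array($mode, popen_allowed_modes(), true)) {
        throw new InvalidArgumentException('popen() mode must be "r" or "w"');
    }
    if (!popen_is_enabled()) {
        throw new RuntimeException('popen() is disabled on this host');
    }
    return popen($command, $mode);
}

// Constructed sample modes: the first two are valid, the rest must be rejected.
foreach (array('r', 'w', 'rw', 'x', '') as $mode) {
    try {
        $handle = safe_popen('echo ok', $mode);
        if (is_resource($handle)) {
            pclose($handle);
        }
        echo "accepted: '$mode'\n";
    } catch (Exception $e) {
        echo "rejected: '$mode' (" . $e->getMessage() . ")\n";
    }
}
```

Where the application never needs popen(), listing it in the php.ini disable_functions directive removes the requirement the advisory names.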

Tested on: PHP 5.2.8/4.2.1/4.2.0
           Apache 2.2.11


PoC:

