WARNING! Fake news / Disputed / BOGUS

PHP Buffer Overflow(popen)

2009.01.12
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

Apache 2.2.11/PHP 5.2.8 Buffer Overflow Exploit (popen func)

Type: Remote and Local
Requirements for exploit: popen() enabled.
By: e.wiZz! Enes M; ew1zz_at_hotmail.com

PHP popen() function overview:

The popen() function in PHP opens a pipe to a process executed by forking the command given by command. It has been implemented since PHP 4.

popen ( string $command_to_execute , string $mode )

The second argument is vulnerable to buffer overflow. The reason why I mentioned Apache here is that when we execute poc.php, the Apache HTTP server crashes without any report in the error log. You can test on WAMP too, on CLI or browser.

Tested on:
PHP 5.2.8/4.2.1/4.2.0
Apache 2.2.11

PoC:

<?php
// 9999-byte string passed as the $mode argument of popen()
$____buff=str_repeat("A",9999);
$handle = popen('/whatever/', $____buff);
echo $handle;
?>

References:

http://seclists.org/bugtraq/2009/Jan/0073.html
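A defensive check for the $mode argument described above, as an added example that is not part of the original advisory or of PHP itself. The wrapper name checked_popen, the allowlist of modes, and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist (assumption): the only mode strings this
// application ever needs to hand to popen().
const POPEN_ALLOWED_MODES = ['r', 'w', 'rb', 'wb'];

// Hypothetical wrapper: validates $mode before it reaches popen().
function checked_popen(string $command, string $mode)
{
    // Exact-match comparison, so oversized or malformed mode strings
    // are rejected without being passed to the runtime at all.
    if (!in_array($mode, POPEN_ALLOWED_MODES, true)) {
        throw new InvalidArgumentException(
            sprintf('popen mode rejected (%d bytes)', strlen($mode))
        );
    }

    $handle = popen($command, $mode);
    if ($handle === false) {
        throw new RuntimeException('popen failed');
    }
    return $handle;
}

// Constructed inputs: the 9999-byte mode from the PoC and a normal mode.
$cases = [
    'poc-mode'  => str_repeat('A', 9999),
    'read-mode' => 'r',
];

foreach ($cases as $label => $mode) {
    try {
        $handle = checked_popen('echo ok', $mode);
        echo $label, ': ', trim((string) fgets($handle)), "\n";
        pclose($handle);
    } catch (InvalidArgumentException $e) {
        echo $label, ': ', $e->getMessage(), "\n";
    }
}
```

The same allowlist approach applies wherever the mode string could be influenced by request data or configuration rather than being a literal in the source.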



Copyright 2020, cxsecurity.com