Re: [Full-disclosure] PHP 5 ecalloc memory manager unserialize() array int overflow ia 32 bits poc

2006-10-18 Thread Slythers Bro
"ia 32 bits poc"
poc = Proof Of Concept

On 10/18/06, Josh Bressers <[EMAIL PROTECTED]> wrote:
>>
>>  print_r(unserialize('a:1073741823:{i:0;s:30:"aa"}'));
> ?>
>
> in function zend_hash_init() int overflow ( ecalloc() )-> heap overflow
> here segfault in zend_hash_find() but

Re: [Full-disclosure] PHP 5 ecalloc memory manager unserialize() array int overflow ia 32 bits poc

2006-10-17 Thread Josh Bressers
>
> print_r(unserialize('a:1073741823:{i:0;s:30:"aa"}'));
> ?>
>
> in function zend_hash_init() int overflow ( ecalloc() )-> heap overflow
> here segfault in zend_hash_find() but it's possible to fake the bucket and
> exploit a zend_hash_del_index_or_key
> i tr

[Full-disclosure] PHP 5 ecalloc memory manager unserialize() array int overflow ia 32 bits poc

2006-10-17 Thread Slythers Bro
print_r(unserialize('a:1073741823:{i:0;s:30:"aa"}'));
?>

in function zend_hash_init() int overflow ( ecalloc() )-> heap overflow
here segfault in zend_hash_find() but it's possible to fake the bucket and
exploit a zend_hash_del_index_or_key
i tried a memory dump, just