PHP 5 ecalloc memory manager unserialize() array integer overflow proof of concept exploit.
d4d2a7ebf01f65bf0871fe99b935491efb8bb3a3e3e029d5317331679ec0f317
This Metasploit module exploits a stack-based buffer overflow in the CGI version of PHP 5.4.x before 5.4.3. The vulnerability is due to the insecure handling of the HTTP headers. This Metasploit module has been tested against the thread-safe version of PHP 5.4.2, from "windows.php.net", running with Apache 2.2.22 from "apachelounge.com".
9911ce27bffaa90bdbd0d7a764559440c9b73d2a107c14d2ddcf46c3708a6749
This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plugin versions 0.4.2.1 and below are vulnerable.
da0008da963d30190b80ec624d76b37a43a7996230c2eda836dbddf9adef1f96
This Metasploit module exploits a vulnerability found in PHP Volunteer Management System, versions 1.0.2 and prior. This application has an upload feature that allows an authenticated user to upload anything to the 'uploads' directory, which is actually reachable by anyone without a credential. An attacker can easily abuse this upload functionality by first logging in with the default credential (admin:volunteer), uploading a malicious payload, and then executing it by sending another GET request.
a9247fc86c26d352083bf798cdd011abca8e533b47fe3653ae48f91b1a8c9e3b
When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This Metasploit module takes advantage of the -d flag to set php.ini directives to achieve code execution. From the advisory: "if there is NO unescaped '=' in the query string, the string is split on '+' (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the "encoded in a system-defined manner" from the RFC) and then passes them to the CGI binary."
b19f8f4342eff5bad4cc51580c640170655b2809104d5e7835692a1eb116a923
PHP versions 5.3.10 and 5.4.0 suffer from a cross-site scripting vulnerability when display_errors is set to on and html_errors is set to on.
045dd019320c71cb81f5b97a0acf804293d0d1c9b041d0f7f586853578b51c32
This Linux/x86 shellcode searches .php files and injects a PHP backdoor into them.
083be87460a5024c26d79b3f9143ff66d4099a6b438b7ea88f793822bed39c10
This whitepaper is called Local Session Poisoning in PHP Part 3: Bypassing Suhosin's Session Encryption.
b4c2757edc23926772d3931a43343d42a16d61a0d0eeaf402605d9c79122b967
This whitepaper is called Local Session Poisoning in PHP Part 2: Promiscuous Session Files.
a5b53f4b5bd46c66cfc9ad3a8d7d286455bc7a43f332c3b1e6ccb2290c69cb84
This whitepaper is called Local Session Poisoning in PHP Part 1: The Basics of Exploitation and How to Secure a Server.
c245f17fa9754ac7a72df98693b35929e796d3a655aeb50b5fa88d746027aa9e
Brief write-up with a proof of concept explaining local session snooping in PHP.
a84ca642d685d472d8bdfa3fa84d30b724025d72ebec2bae38b90f52fc241d78
Brief write-up with a proof of concept explaining local session hijacking in PHP.
c5099b1e7690d5d716238987cd3fe94c2ec425e441ee4155e5d47e1f6cad678e
Small whitepaper detailing simple methodologies surrounding PHP trojans.
6af6687dfb6f63aecb232c3f8a37be1090352507eda4e8000e630ee071dcc16c
Whitepaper called PHP RFI Prevention. Written in Turkish.
9b285f924d3fec07f867d5721ad0668203170946fe83e8003360acbb89f9619f
This Metasploit module exploits various PHP include vulnerabilities.
e357d04e020edf1f4d458c10f229063fd076425a03411ffdd5eba7edcc75455a
PHP MultiPart Form-Data denial of service proof of concept exploit.
56ed6bc37b2f5f076954de0fda0f42085950231ca16763028f6e873710289eea
This Metasploit module exploits an arbitrary code execution flaw discovered in many implementations of the PHP XML-RPC module. This flaw is exploitable through a number of PHP web applications, including but not limited to Drupal, WordPress, Postnuke, and TikiWiki.
74661987981d6b9dcef06ec55c6a9cc16d40945f635c122f6a84bdf7a7d57158
This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software. This vulnerability is only present when the PHP 'register_globals' option is enabled (common for hosting providers). All versions of WordPress prior to 1.5.1.3 are affected.
48bc9a7f494787739544970c6c99713c4b117e44e8d9158a5aec89776fe41a8c
This Metasploit module exploits an arbitrary PHP code execution flaw in the vBulletin web forum software. This vulnerability is only present when the "Add Template Name in HTML Comments" option is enabled. All versions of vBulletin prior to 3.0.7 are affected.
fa3b7c956cd40ecf976491e6947389c4105b5b3887700ed3c774711a1b161525
PHP168 version 6.0 suffers from a remote command execution vulnerability.
7d3ac50b84ef1608fd1f5fe0d8857116e4802f6cc6d2420ed0136ca88706a75a
This Metasploit module exploits an integer overflow vulnerability in the unserialize() function of the PHP web server extension.
436f0bc029967671da472d8ca912c40b8636846cfd3d8f81e3a0fd1d8a030e1f
PHP versions 5.2.10 and 5.3.0 suffer from a memory disclosure vulnerability.
3d596b7080a1f32c18d2373f6501a9c540935c67cdcee3b3d4fa38ba096362d2
Whitepaper called State Of The Art Post Exploitation In Hardened PHP Environments.
7928c94b9af3be5e10b1f29f0a78a75c860ab2291068409148ffbbe3e6f3808f
PHP Fuzzing In Action - 20 Ways To Fuzz PHP Source Code.
c801fa5bcab877511e3678eea2660852faecbdbf87a4d6cdc8d0712f8ed2e458
This Metasploit module is for OpenHelpDesk version 1.0.100, which is vulnerable to PHP code execution due to an improper use of eval().
790a572fa2eaf8a14620e19f2985d1b25f1ddb1857ea163771dbd4fb5f3c3ffe
PHP Autorooter that encodes exploits in Base64 and then decodes them and compiles them with gcc.
dad858b67667d67dc91c0c6bb8aa6779134347d2029f21d5bec096a6b7bcf35d