begood Posted July 3, 2010
Hello everyone! Today, I'm going to talk about the latest PHP vulnerability discovered by Stefan Esser and published on the 25th of June. You can read the advisory here. Esser did not publish much information regarding this new vulnerability because of its « dangerous nature », and probably the fact that it's still unpatched. He only posted a few indications and the output of a working exploit without its source code. I never really looked into the interpreter's source code myself, and decided this was the perfect opportunity to start. According to the advisory, the vulnerability is caused by the way SPLObjectStorage handles unserialization. For those of you who are not familiar with PHP, the serialize() function allows you to convert native PHP data types (arrays, objects) to a string. unserialize() does the opposite and converts a string to a PHP variable. Those two functions are straightforward to use:
Read it all here: Nibbles microblog, Pwning PHP for fun and chocapicz
The Dev!L Posted July 3, 2010
Thanks boss for this information. Best wishes.
michee Posted January 12, 2011
OK, I have a question too... has anyone understood this from start to finish? I would have a few small questions, if I may:
1) How is the zval that was freed overwritten?
2) How is the parameter passed to system at the end?
Thanks.