PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit

An interesting submission to the Exploit Database today from the guys at http://www.nullbyte.org.il – a PHP 6.0 0day buffer overflow.

From the exploit comments:

## This code should exploits a buffer overflow in the str_transliterate() function to call WinExec and execute CALC
## Take a look, 'unicode.semantics' has to be on!
## php.ini > unicode.semantics = on

Their exploit code was tested and verified by the EDB team – check it here.
