PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit

PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit

An interesting submission to the Exploit Database today from the guys at http://www.nullbyte.org.il – a PHP 6.0 0day buffer overflow.

PHP 0-day

From the exploit comments:

## This code should exploits a buffer overflow in the str_transliterate() function to call WinExec and execute CALC
## Take a look, 'unicode.semantics' has to be on!
## php.ini > unicode.semantics = on

Their exploit code was tested and verified by the EDB team – check it here.

New for 2021

Windows User Mode Exploit Development (EXP-301)

Window User Mode Exploit Development (EXP-301)

Learn how to write your own custom exploits in this intermediate-level course.

Earn your OSED

FOLLOW US ON TWITTER:

@offsectraining

@kalilinux

@exploitdb