PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit

PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit

An interesting submission to the Exploit Database today from the guys at http://www.nullbyte.org.il – a PHP 6.0 0day buffer overflow.

PHP 0-day

From the exploit comments:

## This code should exploits a buffer overflow in the str_transliterate() function to call WinExec and execute CALC
## Take a look, 'unicode.semantics' has to be on!
## php.ini > unicode.semantics = on

Their exploit code was tested and verified by the EDB team – check it here.

UPDATE FOR 2020

Advanced Web Attacks and Exploitation

Advanced Web Attacks and Exploitation (AWAE)

Learn white box web application penetration testing and advanced source code review methods. Now with 50% more content, including a black box module.

Earn your OSWE

FOLLOW US ON TWITTER:

@offsectraining

@kalilinux

@exploitdb