PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit

PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit

An interesting submission to the Exploit Database today from the guys at http://www.nullbyte.org.il – a PHP 6.0 0day buffer overflow.

PHP 0-day

From the exploit comments:

## This code should exploits a buffer overflow in the str_transliterate() function to call WinExec and execute CALC
## Take a look, 'unicode.semantics' has to be on!
## php.ini > unicode.semantics = on

Their exploit code was tested and verified by the EDB team – check it here.

NEW!

Advanced Web Attacks and Exploitation (AWAE)

NOW AVAILABLE ONLINE! Advanced Web Attacks and Exploitation (AWAE).

You can now take OffSec’s most popular in-person training as an online course.

Earn your OSWE

FOLLOW US ON TWITTER:

@offsectraining

@kalilinux

@exploitdb