Metasploit mailing list archives
Metasploit 3 module for PHP < 4.5.0 unserialize() bug
From: a10n3.s7r1k3r at gmail.com (Kashif Iftikhar)
Date: Tue, 13 Mar 2007 06:44:56 +0000
Here is the output on Linux 2.6.20

Linux version 2.6.20 (root@*******) (gcc version 3.4.6) #4 Wed Feb 14 23:40:45 GMT 2007

-Kashif.