Re: Use After Free Vulnerabilities in unserialize()

[Christian Kujau <lists () nerdbynature de>]

On Sat, 5 Sep 2015, Taoguang Chen wrote:
> The PoC works on standard MacOSX 10.11 installation of PHP 5.4.43.

Has 10.11 been released yet? And MacOSX 10.10.5 already ships with PHP 
v5.5.27

$ php uafpoc.php
Warning: Class __PHP_Incomplete_Class has no unserializer in uafpoc.php on line 20
bool(false)

$ php -v
PHP 5.5.27 (cli) (built: Jul 23 2015 00:21:59) 
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies


-- 
BOFH excuse #394:

Jupiter is aligned with Mars.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/