Full Disclosure mailing list archives
Re: Use After Free Vulnerabilities in unserialize()
From: Christian Kujau <lists () nerdbynature de>
Date: Wed, 16 Sep 2015 16:20:11 -0700 (PDT)
On Sat, 5 Sep 2015, Taoguang Chen wrote:
The PoC works on standard MacOSX 10.11 installation of PHP 5.4.43.
Has 10.11 been released yet? And MacOSX 10.10.5 already ships with PHP v5.5.27 $ php uafpoc.php Warning: Class __PHP_Incomplete_Class has no unserializer in uafpoc.php on line 20 bool(false) $ php -v PHP 5.5.27 (cli) (built: Jul 23 2015 00:21:59) Copyright (c) 1997-2015 The PHP Group Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies -- BOFH excuse #394: Jupiter is aligned with Mars. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Use After Free Vulnerabilities in unserialize() Taoguang Chen (Sep 07)
- Re: Use After Free Vulnerabilities in unserialize() Taoguang Chen (Sep 07)
- Re: Use After Free Vulnerabilities in unserialize() Christian Kujau (Sep 16)