Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)

www.ambionics.io

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)

www.ambionics.io

symfonystation@kbin.social to

PHP@kbin.social · 1 month ago

A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for linux programs. Despite being reachable in multiple well-known libraries or executables, it proved rarely exploitable — while it didn't provide much leeway, it required hard-to-achieve preconditions. Looking for targets lead mainly to disappointment. On PHP however, the bug shone, and proved useful in exploiting its engine in two different ways.

A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for linux programs. Despite being reachable in multiple well-known libraries or executables, it proved rarely exploitable — while it didn’t provide much leeway, it required hard-to-achieve preconditions. Looking for targets lead mainly to disappointment. On PHP however, the bug shone, and proved useful in exploiting its engine in two different ways.

You must log in or register to comment.

Chat