[framework] [PHP_Exploit]Problem

H D Moore hdm at metasploit.com
Fri Jun 1 08:46:52 CDT 2007


A few things to check:
* The target is running 32-bit x86
* The heap area is marked executable or the CPU does not support NX
* Hardening patches, like grsec, have not been installed

Finally, if you can, cat /proc/[pid of apache child that has handled 
PHP]/maps and look at the first [heap] segment. Make sure this matches up 
with your target parameters.

-HD

On Friday 01 June 2007 08:41, FOULON Pascal wrote:
> I have a problem with the php_unserialize_zval_cookie exploit.
> I ran it versus:
> Debian 4.0_r0
> Apache 1.3.34
> PHP 4.4.4-8+etch3
> PhpBB
> PunBB
>
> The exploit brute forces the ret address, and finishes without any shell.
> I tried to lower the step for the brute force, but nothing more
> happened.
>
> I checked, and this version of php is vuln.
>
> Could you help me on this?
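
Added example, not part of the original thread: the /proc/[pid]/maps and NX checks from the reply above, scripted so an administrator can confirm that a worker's first [heap] mapping is not executable. The function names and the sample maps and cpuinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of /proc/<pid>/maps from a 32-bit x86 process.
SAMPLE_MAPS='08048000-080a6000 r-xp 00000000 08:01 1001 /usr/sbin/apache
080a6000-080ab000 rw-p 0005d000 08:01 1001 /usr/sbin/apache
080ab000-08312000 rwxp 080ab000 00:00 0 [heap]
b7d5e000-b7e86000 r-xp 00000000 08:01 1002 /lib/libc.so.6
bffeb000-c0000000 rw-p bffeb000 00:00 0 [stack]'

# heap_report: read maps text on stdin and print "start end perms verdict"
# for the first [heap] mapping. Returns 1 if no [heap] line is present.
heap_report() {
    awk '$NF == "[heap]" {
        split($1, r, "-")                       # "start-end" -> r[1], r[2]
        verdict = (index($2, "x") > 0) ? "EXECUTABLE" : "non-executable"
        printf "%s %s %s %s\n", r[1], r[2], $2, verdict
        found = 1
        exit                                    # only the first segment
    }
    END { if (!found) { print "no-heap"; exit 1 } }'
}

# cpu_has_nx: read /proc/cpuinfo text on stdin; succeed if the CPU
# advertises the nx flag.
cpu_has_nx() {
    awk '/^flags/ { for (i = 1; i <= NF; i++) if ($i == "nx") ok = 1 }
         END { exit !ok }'
}

# With a PID argument, inspect that process; otherwise run on the sample.
if [ -n "${1:-}" ]; then
    heap_report < "/proc/$1/maps"
    if cpu_has_nx < /proc/cpuinfo; then
        echo "cpu: nx supported"
    else
        echo "cpu: no nx flag"
    fi
else
    printf '%s\n' "$SAMPLE_MAPS" | heap_report
fi
```

Run it with the PID of an Apache child as the only argument; reading another user's /proc/[pid]/maps normally requires root.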


