PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit

An interesting submission to EDB today from the guys at http://www.nullbyte.org.il – a PHP 6.0 0day buffer overflow.

OffSec Team

0 min read

An interesting submission to the Exploit Database today from the guys at ~~http://www.nullbyte.org.il~~ – a PHP 6.0 0day buffer overflow.

From the exploit comments:
## This code should exploits a buffer overflow in the str_transliterate() function to call WinExec and execute CALC ## Take a look, 'unicode.semantics' has to be on! ## php.ini > unicode.semantics = on

Their exploit code was tested and verified by the EDB team – check it here.

Insights

Empowering Women in Cybersecurity: How Education and Training Are Key

While women represent only 24% of the cybersecurity workforce, hands-on training is changing the game.

Feb 28, 2025

5 min read

Insights

Women in Cybersecurity Leadership: Inspiring Role Models at the Top

Celebrate Women’s History Month by recognizing the women shaping cybersecurity and driving innovation in the industry.

Feb 24, 2025

11 min read

Federal

Addressing the Unique Cybersecurity Challenges Faced by Government Agencies

Explore the unique cybersecurity challenges government agencies face and how tailored strategies can protect national security and public trust.

Feb 12, 2025

8 min read

View all blogs

Sign up for OffSec newsletters

PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit

Latest from OffSec

Empowering Women in Cybersecurity: How Education and Training Are Key

Women in Cybersecurity Leadership: Inspiring Role Models at the Top

Addressing the Unique Cybersecurity Challenges Faced by Government Agencies