PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit

An interesting submission to EDB today from the guys at http://www.nullbyte.org.il – a PHP 6.0 0day buffer overflow.

OffSec Team

0 min read

An interesting submission to the Exploit Database today from the guys at ~~http://www.nullbyte.org.il~~ – a PHP 6.0 0day buffer overflow.

From the exploit comments:
## This code should exploits a buffer overflow in the str_transliterate() function to call WinExec and execute CALC ## Take a look, 'unicode.semantics' has to be on! ## php.ini > unicode.semantics = on

Their exploit code was tested and verified by the EDB team – check it here.

Research & Tutorials

My Journey with IR-200: Becoming an OffSec Certified Incident Responder (OSIR)

Embark on a journey to become an OffSec Certified Incident Responder (OSIR) through the IR-200 course, as described by a Student Mentor who tested its effectiveness.

Jan 24, 2025

6 min read

Research & Tutorials

A Student Mentor’s TH-200 and OSTH Learning Experience

Explore the TH-200 course & OSTH exam with an OffSec Mentor’s insights on mastering threat hunting skills.

Jan 24, 2025

9 min read

OffSec News

OffSec Yearly Recap 2024

Join us as we explore all our successes in 2024, including exciting new content, courses, and so much more!

Dec 23, 2024

8 min read

View all blogs

Sign up for OffSec newsletters

PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit

Latest from OffSec

My Journey with IR-200: Becoming an OffSec Certified Incident Responder (OSIR)

A Student Mentor’s TH-200 and OSTH Learning Experience

OffSec Yearly Recap 2024