CVE-2006-0097

PHP 4.3.10-4.4.2 - Stack-Based Buffer Overflow via mysql_connect Host Argument

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0097. PoCs published by mercenary.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in PHP 4.3.10 and 4.4.0 on Windows XP SP1. It leverages a CALL ESI instruction from ws2_32.dll to execute a Metasploit win32 bind shell payload on port 4444.

Description

Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mercenary · phplocalwindows

https://www.exploit-db.com/exploits/1406

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in PHP 4.3.10 and 4.4.0 on Windows XP SP1. It leverages a CALL ESI instruction from ws2_32.dll to execute a Metasploit win32 bind shell payload on port 4444.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: PHP 4.3.10, 4.4.0 on Windows XP SP1

No auth needed

Prerequisites: PHP 4.3.10 or 4.4.0 on Windows XP SP1 · MySQL connectivity enabled

MITRE ATT&CK