CVE-2007-1522

PHP 5.2.0-5.2.1 - Remote Code Execution via Session Identifier Double Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1522. PoCs published by Stefan Esser.

AI-analyzed exploit summary This exploit targets a double-free vulnerability in PHP 5's session handling (CVE-2007-1522) to achieve remote code execution via a bindshell. It uses heap manipulation and a custom error handler to overwrite memory addresses with shellcode.

Description

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stefan Esser · phplocallinux

https://www.exploit-db.com/exploits/3480

View Code ZIP pw:eip

This exploit targets a double-free vulnerability in PHP 5's session handling (CVE-2007-1522) to achieve remote code execution via a bindshell. It uses heap manipulation and a custom error handler to overwrite memory addresses with shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Racy

Target: PHP 5.2.0 and later

No auth needed

Prerequisites: PHP 5.2.0 or later with session support enabled

MITRE ATT&CK