CVE-2007-1649

PHP 5.2.1 - Heap Memory Disclosure via Serialized Data Input


Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1649. PoCs published by Stefan Esser.

AI-analyzed exploit summary: This exploit demonstrates a PHP 5.2.1 unserialize() information leak vulnerability by crafting a malicious serialized string to dump heap memory contents. The PoC includes a protection line to prevent accidental execution and provides a detailed heap dump output.

Description

PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Stefan Esser · php · local · multiple
https://www.exploit-db.com/exploits/3559


Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: PHP 5.2.1
No auth needed
Prerequisites: PHP 5.2.1 environment · Ability to execute arbitrary PHP code
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Release Notes x_refsource_confirm
http://us2.php.net/releases/5_2_2.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33170
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24630
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23105
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:126

Scores

EPSS 0.0721
EPSS Percentile 93.5%

Details

Status published
Products (1)
php/php 5.2.1
Published Mar 24, 2007
Tracked Since Feb 18, 2026