CVE-2010-2094

PHP 5.3 - Format String Vulnerability in phar Extension


Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2094. PoCs published by Stefan Esser.

AI-analyzed exploit summary: This exploit leverages a format-string vulnerability in PHP's Phar stream wrapper to trigger arbitrary memory reads, potentially leading to information disclosure or further exploitation. The PoC demonstrates the vulnerability by passing format specifiers to the 'phar://' stream wrapper.

Description

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function.
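
The bug class named in the description (CWE-134), shown as an added example that is not PHP's source code: wrapper_log_error is a hypothetical stand-in for a printf-style logger such as php_stream_wrapper_log_error, and the report_* callers, the message text and the sample URI are constructed for illustration. The unsafe caller passes a message containing the URI as the format string, the hardened caller passes a constant format and the URI as an argument.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger: its third parameter is a FORMAT. */
static int wrapper_log_error(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* CWE-134 pattern, shown for contrast only: the message built from the URI
 * becomes the format, so conversion specifiers inside the URI are interpreted
 * and read arguments that were never passed (undefined behaviour). */
int report_bad_url_unsafe(char *out, size_t outlen, const char *uri)
{
    char msg[256];
    snprintf(msg, sizeof msg, "phar error: invalid url \"%s\"", uri);
    return wrapper_log_error(out, outlen, msg);   /* msg used as format */
}

/* Hardened form: constant format, untrusted text only as an argument. */
int report_bad_url_safe(char *out, size_t outlen, const char *uri)
{
    return wrapper_log_error(out, outlen, "phar error: invalid url \"%s\"", uri);
}

/* Audit helper: 1 if s contains a printf conversion ("%%" is a literal). */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char buf[256];
    /* Constructed input: specifiers are logged verbatim by the safe path. */
    report_bad_url_safe(buf, sizeof buf, "phar://archive.phar/%x.%x");
    puts(buf);
    return 0;
}
```

Compiling with -Wformat -Wformat-security, and declaring such loggers with the GCC/Clang format attribute, lets the compiler flag non-literal format arguments like the one in the unsafe caller.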

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Stefan Esser · text · remote · php
https://www.exploit-db.com/exploits/33988

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: PHP 5.3 through 5.3.2
No auth needed
Prerequisites: PHP 5.3 through 5.3.2 installed · Access to execute PHP code on the target system
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.1265
EPSS Percentile 95.7%

Details

CWE: CWE-134
Status: published
Products (2): php/php 5.3.0, php/php 5.3.1
Published: May 27, 2010
Tracked Since: Feb 18, 2026