CVE-2011-1470
PHP < 5.3.6 - Denial of Service via ZipArchive Stream Handling
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-1470. PoCs published by paulgao.
AI-analyzed exploit summary: This exploit demonstrates a denial-of-service vulnerability in PHP's Zip extension by attempting to read a specific file within a JAR archive, which can cause the application to crash. The PoC leverages the `ZipArchive` class to trigger the vulnerability in versions prior to PHP 5.3.6.
Description
The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.