This exploit demonstrates a memory corruption vulnerability in PHP's Phar extension (CVE-2016-4342) triggered by a filename containing a null byte. The PoC causes a segmentation fault due to invalid memory writes during Phar file processing.
Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target:PHP 5.5.33 (Phar extension)
No auth needed
Prerequisites:Ability to execute PHP code with a crafted Phar filename