JOIN BREACHFORUMS TELEGRAM
CVE-2023-3824 - PHAR file handling
by Serious - Friday February 21, 2025 at 10:00 PM
Banned

Posts: 4
Threads: 4
Joined: Feb 2025
Reputation: 10
#1
Feb 21, 2025, 10:00 PM
If an attacker sends a malicious PHAR file into your app, they could trigger a buffer overflow and potentially run their own code on your server.
 
Why does this happen?  Huh -- This bug exists because PHP doesn’t properly handle PHAR metadata when it’s too big, leading to a stack buffer overflow.
PHP tries to load this metadata into a fixed-size buffer, but if the metadata is too large, it overflows Sick
 
POC: https://github.com/jhonnybonny/CVE-2023-3824


This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Attempting to sell IDs/real documents
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  New Zer0 Day Wordpress A3g00n 79 2,887 48 minutes ago
Last Post: baku
  {SECRET} DATABASE OF EXPLOITS lulagain 430 24,842 58 minutes ago
Last Post: baku
  new wordpress website takeover vuln (video + poc ) zinzeur 314 27,901 1 hour ago
Last Post: baku
  Google Dorks for finding SQL injection vulnerabilities and other security issues 1yush 66 2,945 Yesterday, 08:51 PM
Last Post: Yjuddur
  Acunetix Premium Cracked v24 Full Activated A3g00n 22 1,329 Yesterday, 09:22 AM
Last Post: Usercomplex

Forum Jump:


 Users browsing this forum: 1 Guest(s)