CVE-2015-6835 PoC — PHP‘php_var_unserialize()’函数安全漏洞

Source

https://github.com/ockeghem/CVE-2015-6835-checker

Associated Vulnerability

Title:PHP‘php_var_unserialize()’函数安全漏洞 (CVE-2015-6835)
Description:PHP（PHP：Hypertext Preprocessor，PHP：超文本预处理器）是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发，支持多种数据库及操作系统。 PHP的会话反序列化程序中存在安全漏洞，该漏洞源于程序没有正确处理多个php_var_unserialize调用。远程攻击者可借助特制的会话内容利用该漏洞执行任意代码，或造成拒绝服务（释放后重用）。以下版本受到影响：PHP 5.4.45之前版本，5.5.29之前5.5.x版本，5.6.13之前

Readme

# CVE-2015-6835-checker

File Snapshot


 [4.0K]  /data/pocs/57f40d69050230b9458209204d4608299a0bdcf4
├── [ 358]  CVE-2015-6835.php
└── [  24]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!