CVE-2018-10546 PoC — PHP 安全漏洞

Source

https://github.com/dsfau/CVE-2018-10546

Associated Vulnerability

Title:PHP 安全漏洞 (CVE-2018-10546)
Description:PHP（PHP：Hypertext Preprocessor，PHP：超文本预处理器）是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发，支持多种数据库及操作系统。 PHP中存在安全漏洞，该漏洞源于iconv流过滤器没有过滤无效的多字节序列。攻击者可利用该漏洞造成绝服务（无限循环）。以下版本受到影响：PHP 5.6.36之前版本，7.0.30之前的7.0.x版本，7.1.17之前的7.1.x版本，7.2.5之前的7.2.x版本。

Readme

# CVE-2018-10546
A user can create specially crafted data that, when processed using a stream filter with 'convert.iconv.*', will cause the target application to enter an infinite loop and consume excessive CPU resources [CVE-2018-10546].

The specific impact of these vulnerabilities depends on the applications that use the affected functions or services.

File Snapshot


 [4.0K]  /data/pocs/649f9387af5abbecc8ff9d3e5cf9a33ab8768d3c
├── [ 199]  PoC.php
└── [ 358]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!