Returning Into The PHP Interpreter - Remote Exploitation Of Memory Corruptions In PHP Is Not Over, Yet. Presented at SyScan 2010

by Stefan Esser

Tags: Security Exploitation

Summary: Among web application security experts there is the popular belief that low-level
vulnerabilities like buffer overflows and other kinds of memory corruption vulnerabilities
do not matter for web application security. In addition, the increasing use of exploit
mitigation techniques on modern web servers leads many to believe that exploiting remote memory
corruptions in web server software is over. But is it really?

This talk will introduce the idea of returning into the PHP interpreter from memory corruption
vulnerabilities and discuss the requirements and feasibility of different ways to do that. This
idea will then be applied to a yet undisclosed PHP vulnerability, which is exposed to remote
attackers in several widespread PHP applications. Different aspects of this vulnerability will
be analyzed, and it will be explained how they can be abused in remote information leak and memory
corruption exploits. The creation of such a remote code execution exploit will then be detailed step by step.