PHPWN Generic remote exploit techniques for the PHP allocator and 0Days presented at TyphoonCon 2022

by Charles Fol,

Summary : Although PHP has always been deemed insecure, finding and remotely exploiting binary bugs in its core is not a well documented subject.

Through this talk, I will aim to (partially, at least) solve this problem, by describing the internals of the PHP allocator and unraveling reusable, generic exploitation techniques for PHP’s heap. I’ll illustrate these techniques through the exploitation of two remote code execution 0-days targeting PHP.