Mageia Bugzilla – Attachment 2469 Details for
Bug 6354
php new security issues CVE-2012-2386 and CVE-2012-2143
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
PoC test against CVE-2012-2143
php-poc.txt (text/plain), 1.05 KB, created by
William Murphy
on 2012-06-18 12:10:24 CEST
(
hide
)
Description:
PoC test against CVE-2012-2143
Filename:
MIME Type:
Creator:
William Murphy
Created:
2012-06-18 12:10:24 CEST
Size:
1.05 KB
patch
obsolete
>Found PoC test code for CVE-2012-2143 at: >http://git.php.net/?p=php-src.git;a=commitdiff;h=aab49e934de1fff046e659cbec46e3d053b41c34 > >Ran this code fragment from the php cli: ><?php >echo "\n PoC Test:\n"; >var_dump(crypt("Ã1234abcd", "99")); >var_dump(crypt("Ã9234abcd", "99")); >var_dump(crypt("Ã1234abcd", "_01234567")); >var_dump(crypt("Ã9234abcd", "_01234567")); >echo ' >--EXPECT-- >string(13) "99PxawtsTfX56" >string(13) "99jcVcGxUZOWk" >string(20) "_01234567IBjxKliXXRQ" >string(20) "_012345678OSGpGQRVHA" >'; >?> > >Before Update: > PoC Test: >string(13) "995Glo6koPf56" >string(13) "995Glo6koPf56" >string(20) "_01234567./Lf05Qb1B6" >string(20) "_01234567Owpd.9kStw." > >--EXPECT-- >string(13) "99PxawtsTfX56" >string(13) "99jcVcGxUZOWk" >string(20) "_01234567IBjxKliXXRQ" >string(20) "_012345678OSGpGQRVHA" > >After Update: > PoC Test: >string(13) "99PxawtsTfX56" >string(13) "99jcVcGxUZOWk" >string(20) "_01234567IBjxKliXXRQ" >string(20) "_012345678OSGpGQRVHA" > >--EXPECT-- >string(13) "99PxawtsTfX56" >string(13) "99jcVcGxUZOWk" >string(20) "_01234567IBjxKliXXRQ" >string(20) "_012345678OSGpGQRVHA"
Found PoC test code for CVE-2012-2143 at: http://git.php.net/?p=php-src.git;a=commitdiff;h=aab49e934de1fff046e659cbec46e3d053b41c34 Ran this code fragment from the php cli: <?php echo "\n PoC Test:\n"; var_dump(crypt("Ã1234abcd", "99")); var_dump(crypt("Ã9234abcd", "99")); var_dump(crypt("Ã1234abcd", "_01234567")); var_dump(crypt("Ã9234abcd", "_01234567")); echo ' --EXPECT-- string(13) "99PxawtsTfX56" string(13) "99jcVcGxUZOWk" string(20) "_01234567IBjxKliXXRQ" string(20) "_012345678OSGpGQRVHA" '; ?> Before Update: PoC Test: string(13) "995Glo6koPf56" string(13) "995Glo6koPf56" string(20) "_01234567./Lf05Qb1B6" string(20) "_01234567Owpd.9kStw." --EXPECT-- string(13) "99PxawtsTfX56" string(13) "99jcVcGxUZOWk" string(20) "_01234567IBjxKliXXRQ" string(20) "_012345678OSGpGQRVHA" After Update: PoC Test: string(13) "99PxawtsTfX56" string(13) "99jcVcGxUZOWk" string(20) "_01234567IBjxKliXXRQ" string(20) "_012345678OSGpGQRVHA" --EXPECT-- string(13) "99PxawtsTfX56" string(13) "99jcVcGxUZOWk" string(20) "_01234567IBjxKliXXRQ" string(20) "_012345678OSGpGQRVHA"
View Attachment As Raw
Actions:
View
Attachments on
bug 6354
:
2458
| 2469