E21-zyxy1
False Positive: t
Variants: 1
Year: 2015
Description
This strike exploits an integer overflow in the PHP ftp_genlist function that might lead to remote code execution. A remote attacker can exploit this vulnerability by forcing a PHP server to connect to an FTP server controlled by the attacker. The PHP server connects to the FTP server and performs a LIST request, which results in a large buffer being sent by the attacker-controlled FTP server. Successful exploitation could result in code execution on the server running PHP.
Note: This strike does not include the PHP request and the buffer sent by the attacker is smaller than the real one.