diff options
author | Stanislav Malyshev <stas@php.net> | 2016-02-21 23:45:57 -0800 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2016-02-21 23:45:57 -0800 |
commit | eaf4e77190d402ea014207e9a7d5da1a4f3727ba (patch) | |
tree | 2c64fdc7f521f11ea78ee40b8a898134147e6cd1 /ext/soap/tests | |
parent | 57b997ebf99e0eb9a073e0dafd2ab100bd4a112d (diff) | |
download | php-git-eaf4e77190d402ea014207e9a7d5da1a4f3727ba.tar.gz |
Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request()
Diffstat (limited to 'ext/soap/tests')
-rw-r--r-- | ext/soap/tests/bug71610.phpt | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ext/soap/tests/bug71610.phpt b/ext/soap/tests/bug71610.phpt new file mode 100644 index 0000000000..4f1c7162ff --- /dev/null +++ b/ext/soap/tests/bug71610.phpt @@ -0,0 +1,15 @@ +--TEST-- +SOAP Bug #71610 - Type Confusion Vulnerability - SOAP / make_http_soap_request() +--SKIPIF-- +<?php require_once('skipif.inc'); ?> +--FILE-- +<?php +$exploit = unserialize('O:10:"SoapClient":3:{s:3:"uri";s:1:"a";s:8:"location";s:19:"http://testuri.org/";s:8:"_cookies";a:1:{s:8:"manhluat";a:3:{i:0;s:0:"";i:1;N;i:2;N;}}}}'); +try { +$exploit->blahblah(); +} catch(SoapFault $e) { + echo $e->getMessage()."\n"; +} +?> +--EXPECT-- +looks like we got no XML document |