Among web application security experts there is the popular believe that low level vulnerabilities like buffer overflows and other kinds of memory corruption vulnerabilities do not matter for web application security. In addition to that the increasing use of exploit mitigation techniques on modern web servers make many believe that exploiting remote memory corruptions in webserver software is over. But is it really?
This talk will introduce the idea of returning into the PHP interpreter from memory corruption vulnerabilities and discuss the requirements and feasibility of different ways to do that. This idea will then be applied to a yet undisclosed PHP vulnerability, which is exposed to remote attackers in several widespread PHP applications. Different aspects of this vulnerability will be analyzed and it will be explained how they can be abused in remote information leak and memory corruption exploits. The creation of such a remote code execution exploit will then be detailed step by step.