Exploits for CNEXT (CVE-2024-2961), a buffer overflow in glibc's iconv(), by @cfreal_
The vulnerability and exploits are described in the following blogposts:
- Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1): PHP filters
- Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2): direct iconv() calls, Roundcube
- To be continued...
Exploits will become available as blogposts come out.