Footzo (php) priv8 v.1.0

<l337z h4x0rz>
c0de ......... : Footzo 
v3rs1on ... : v.1.0
c0ded by rg0d 1337 .it h4x0r 
inf0 ............:
 <[|]>
his is a fuzzer to find undisclosed buffer overflows in PHP functions.
It found the 
mssql_connect(),
 ibase_connect(), 
snmpget(), tidy_parse_string()
crack_opendict(),
 confirm_phpdoc_compiled() ..overflows and at least 20
undisclosed possible D.o.S. triggerable by remote.
disclose them, if you find one, credit Footzo.
Launch from the command line like this:

php footzo.php

and enjoy the show.
You can modify the system() call in footzo.php to attach with faultmon
(ex. with & on win).
If so, I suggest you to decomment the sleep() in footzoi.php.
Activate all possible extension in php.ini to find more vulns.

<//l337z h4x0rz\\>

<?PHP
error_reporting(0);
$c=(int)$argv[1];
$____token=get_defined_functions();
//print_r(array_values($____token));
for ($i=$c; $i<5000; $i++)
{ 
  $____suntzoi=$____token[internal][$i];
  echo "funzione:".$____suntzoi."\n\n\n";
  for ($j=1; $j<=21; $j++)
  {
   if ((function_exists($____suntzoi)) and ($____suntzoi<>1)){
   system("php footzoi.php ".$____suntzoi." ".$j);


  }
  }
}
?>

<?php
error_reporting(E_ALL);
set_time_limit(0);
//sleep(2)
$exclude=array();//modify here to exclude some funcs from the test
$____buff=str_repeat("A",9999);//modify the bof pattern if you want
$____suntzoi=trim($argv[1]);
$test=(int)$argv[2];
echo "\n[*]function: $____suntzoi, test: $test\n\n";  
  if ((function_exists($____suntzoi)) and ($____suntzoi<>1)){
        if (!in_array($____suntzoi,$exclude)){ 
    
           if ($test==1) {$t=$____suntzoi($____buff        );}
           if ($test==2) { $t=$____suntzoi($____buff,1      );}
           if ($test==3) { $t=$____suntzoi(1,1,$____buff    );}
           if ($test==4) { $t=$____suntzoi($____buff,1,1,1  );}
           if ($test==5) { $t=$____suntzoi(1,$____buff,1,1  );}
           if ($test==6) { $t=$____suntzoi(1,1,$____buff,1  );}
           if ($test==7) {  $t=$____suntzoi(1,1,1,$____buff  );}
           if ($test==8) { $t=$____suntzoi($____buff,1,1,1,1);}
           if ($test==9) { $t=$____suntzoi(1,$____buff,1,1,1);}
           if ($test==10) { $t=$____suntzoi(1,1,$____buff,1,1);}
           if ($test==11) { $t=$____suntzoi(1,1,1,$____buff,1);}
           if ($test==12) { $t=$____suntzoi(1,1,1,1,$____buff);}
           if ($test==13) { $t=$____suntzoi(1,$____buff      );}
           if ($test==14) { $t=$____suntzoi($____buff,1,1    );}
           if ($test==15) { $t=$____suntzoi(1,$____buff,1    );}
           if ($test==16) { $t=$____suntzoi($____buff,1,1,1,1,1);}
           if ($test==17) { $t=$____suntzoi(1,$____buff,1,1,1,1);}
           if ($test==18) { $t=$____suntzoi(1,1,$____buff,1,1,1);}
           if ($test==19) { $t=$____suntzoi(1,1,1,$____buff,1,1);}
           if ($test==20) { $t=$____suntzoi(1,1,1,1,$____buff,1);}
           if ($test==21) { $t=$____suntzoi(1,1,1,1,1,$____buff);}
            
            
        }
    }
?>