Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv(), by @cfreal_

The vulnerability and exploits are described in the following blogposts:

• Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1): PHP filters
• Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2): direct iconv() calls, Roundcube
• To be continued...

Exploits will become available as blogposts come out.

• CNEXT: file read to RCE exploit
• Roundcube: authenticated RCE exploit
• To be continued...