ID: 33313 Updated by: [EMAIL PROTECTED] Reported By: trustpunk at hotmail dot com -Status: Open +Status: Feedback Bug Type: IIS related Operating System: Windows PHP Version: 5.0.4, 4.3.11 New Comment:
Please try using this CVS snapshot: http://snaps.php.net/php5-latest.tar.gz For Windows: http://snaps.php.net/win32/php5-win32-latest.zip Previous Comments: ------------------------------------------------------------------------ [2005-06-11 22:32:03] trustpunk at hotmail dot com Description: ------------ When running PHP as an ISAPI module , you can remotely crash the web server by creating a specially crafted URL. This bug was discovered by accident and I actually refer it as a DDoS type of attack on the web server. Please fix this! PHP versions effected so far: v4.3.11 , v5.0.4 Reproduce code: --------------- Using a URL like this will crash the web server , only ISAPI is effected. http://www.your-site.com/script.php/num=10101 I discovered this when writing a Binary to Decimal converter. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=33313&edit=1
