ID: 33313 User updated by: trustpunk at hotmail dot com Reported By: trustpunk at hotmail dot com -Status: Feedback +Status: Closed Bug Type: IIS related Operating System: Windows PHP Version: 5.0.4, 4.3.11 New Comment:
Im proud to say that the Bug is fixed in that release :-) Make sure you apply that to v4.3 also. LateR! Previous Comments: ------------------------------------------------------------------------ [2005-06-12 01:08:49] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-latest.tar.gz For Windows: http://snaps.php.net/win32/php5-win32-latest.zip ------------------------------------------------------------------------ [2005-06-11 22:32:03] trustpunk at hotmail dot com Description: ------------ When running PHP as an ISAPI module , you can remotely crash the web server by creating a specially crafted URL. This bug was discovered by accident and I actually refer it as a DDoS type of attack on the web server. Please fix this! PHP versions effected so far: v4.3.11 , v5.0.4 Reproduce code: --------------- Using a URL like this will crash the web server , only ISAPI is effected. http://www.your-site.com/script.php/num=10101 I discovered this when writing a Binary to Decimal converter. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=33313&edit=1
