ID: 33313 Updated by: [EMAIL PROTECTED] Reported By: trustpunk at hotmail dot com -Status: Open +Status: Closed Bug Type: IIS related Operating System: Windows PHP Version: 5.0.4, 4.3.11 New Comment:
Won't fix in PHP 4. (that would require too big changes and as we're focused on PHP 5 anyway, this is yet another reason to start using PHP) Previous Comments: ------------------------------------------------------------------------ [2005-06-13 01:41:45] trustpunk at hotmail dot com I use PHP v4 , I tried the latest snapshot of PHP4 and the bug still exists , it would bne nice if you could fix it. Snapshot: v4.4.x-dev [June 12, 2005] ------------------------------------------------------------------------ [2005-06-12 01:35:24] trustpunk at hotmail dot com Im proud to say that the Bug is fixed in that release :-) Make sure you apply that to v4.3 also. LateR! ------------------------------------------------------------------------ [2005-06-12 01:08:49] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5-latest.tar.gz For Windows: http://snaps.php.net/win32/php5-win32-latest.zip ------------------------------------------------------------------------ [2005-06-11 22:32:03] trustpunk at hotmail dot com Description: ------------ When running PHP as an ISAPI module , you can remotely crash the web server by creating a specially crafted URL. This bug was discovered by accident and I actually refer it as a DDoS type of attack on the web server. Please fix this! PHP versions effected so far: v4.3.11 , v5.0.4 Reproduce code: --------------- Using a URL like this will crash the web server , only ISAPI is effected. http://www.your-site.com/script.php/num=10101 I discovered this when writing a Binary to Decimal converter. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=33313&edit=1
