[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] PHP "multipart/form-data" denial of service
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] PHP "multipart/form-data" denial of service
- From: Moritz Naumann <security@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 24 Nov 2009 22:40:07 +0100
Bogdan Calin wrote:
> Description
> ------------
> PHP version 5.3.1 was just released. This release contains a patch for a
> denial of service condition we've reported on 27 October 2009. The
> problem is related with PHP's handling of RFC 1867 (Form-based File
> Upload in HTML).
Thanks for the good description and test results, Bogdan.
> Proof of concept
> -----------------
> I'm not going to publish the proof of concept Python script.
> If you have a valid reason why you would need the proof of concept, you
> can contact me at this email address (bogdan [at] acunetix.com).
Someone has apparently written one in bash:
http://www.paste-it.com/view/77958658
If testing for IT security issues wasn't practically illegalized in
Germany I might even have done it myself.
This script wasn't so effective when I tested it here, but it did work
after I spawned a couple processes. It takes it quite a while to prepare
the requests, though, and without the randomization stuff and with
>=python this could probably be done much faster.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/