Home page logo

fulldisclosure logo Full Disclosure mailing list archives

PHP Exploit
From: full-disclosure () lists netsys com (Ulf H{rnhammar)
Date: Tue, 23 Jul 2002 12:27:59 +0200

PHP contains code for intelligently parsing the headers of HTTP POST
requests. The code is used to differentiate between variables and files sent
by the user agent in a "multipart/form-data" request. This parser has
insufficient input checking, leading to the vulnerability.

Another hole in the same part of the code as last time..

If the PHP applications on an affected web server do not rely on HTTP POST
input from user agents, it is often possible to deny POST requests on the
web server.

Seeing as the multipart/form-data MIME type is mostly used with file uploads
(forms without file uploads usually use the application/x-www-form-urlencoded
MIME type), perhaps you could protect yourself by setting file_uploads to off
in php.ini, or maybe that doesn't work for some reason.

// Ulf Harnhammar

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]