Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: PHP "multipart/form-data" denial of service
From: Moritz Naumann <security () moritz-naumann com>
Date: Tue, 24 Nov 2009 22:40:07 +0100

Bogdan Calin wrote:
Description
------------
PHP version 5.3.1 was just released. This release contains a patch for a
denial of service condition we've reported on 27 October 2009. The
problem is related with PHP's handling of RFC 1867 (Form-based File
Upload in HTML).

Thanks for the good description and test results, Bogdan.

Proof of concept
-----------------
I'm not going to publish the proof of concept Python script.
If you have a valid reason why you would need the proof of concept, you
can contact me at this email address (bogdan [at] acunetix.com).

Someone has apparently written one in bash:
http://www.paste-it.com/view/77958658
If testing for IT security issues wasn't practically illegalized in
Germany I might even have done it myself.

This script wasn't so effective when I tested it here, but it did work
after I spawned a couple processes. It takes it quite a while to prepare
the requests, though, and without the randomization stuff and with
=python this could probably be done much faster.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault