Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: PHP "multipart/form-data" denial of service
From: Moritz Naumann <security () moritz-naumann com>
Date: Tue, 24 Nov 2009 22:40:07 +0100

Bogdan Calin wrote:
PHP version 5.3.1 was just released. This release contains a patch for a
denial of service condition we've reported on 27 October 2009. The
problem is related with PHP's handling of RFC 1867 (Form-based File
Upload in HTML).

Thanks for the good description and test results, Bogdan.

Proof of concept
I'm not going to publish the proof of concept Python script.
If you have a valid reason why you would need the proof of concept, you
can contact me at this email address (bogdan [at] acunetix.com).

Someone has apparently written one in bash:
If testing for IT security issues wasn't practically illegalized in
Germany I might even have done it myself.

This script wasn't so effective when I tested it here, but it did work
after I spawned a couple processes. It takes it quite a while to prepare
the requests, though, and without the randomization stuff and with
=python this could probably be done much faster.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]