Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: PHP "multipart/form-data" denial of service
From: Bogdan Calin <bogdan () acunetix com>
Date: Wed, 25 Nov 2009 11:35:59 +0200


Thanks for the good description and test results, Bogdan.

Thank you very much Moritz.


Proof of concept
-----------------
I'm not going to publish the proof of concept Python script.
If you have a valid reason why you would need the proof of concept, you
can contact me at this email address (bogdan [at] acunetix.com).

Someone has apparently written one in bash:
http://www.paste-it.com/view/77958658
If testing for IT security issues wasn't practically illegalized in
Germany I might even have done it myself.

This script wasn't so effective when I tested it here, but it did work
after I spawned a couple processes. It takes it quite a while to prepare
the requests, though, and without the randomization stuff and with
=python this could probably be done much faster.

I don't think bash is a good choice for writing this kind of exploits.
My Python script is using threads to make the attack more effective.

BTW, this is not the only proof of concept published until now.
There are at least 2 more exploits published for this vulnerability.
Even my python script got leaked somehow on packetstorm.
It was bound to happen sooner or later.

-- 
Bogdan Calin - bogdan () acunetix com
CTO
Acunetix Ltd. - http://www.acunetix.com
Acunetix Web Security Blog - http://www.acunetix.com/blog

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault