PHP Captcha Security Images - DoS Vulnerability

ID EDB-ID:11397
Type exploitdb
Reporter cp77fk4r
Modified 2010-02-11T00:00:00


PHP Captcha Security Images DoS Vulnerability. Dos exploit for php platform

                                            # Exploit Title: CaptchaSecurityImages.php Denial Of Service
# Author: cp77fk4r | empty0page[SHIFT+2] |
# Software Link:
##[Denial Of Service]
(OWASP: The Denial of Service (DoS) attack is focused on making unavailable a resource (site, application, server) for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. If a service receives a very large number of requests, it may stop providing service to legitimate users. In the same way, a service may stop if a programming vulnerability is exploited, or the way the service handles resources used by it.)
The vuln code is: (lines 73-75)
$width = isset($_GET['width']) ? $_GET['width'] : '120';
$height = isset($_GET['height']) ? $_GET['height'] : '40';
$characters = isset($_GET['characters']) && $_GET['characters'] > 1 ? $_GET['characters'] : '6';
To fix it- delete all the "$_GET[x]" strings and make it constant, like this: