PHP 5.2.5 - 'mbstring.func_overload' Webserver Denial Of Service Vulnerability

ID EDB-ID:32769
Type exploitdb
Reporter strategma
Modified 2009-01-30T00:00:00


PHP 5.2.5 'mbstring.func_overload' Webserver Denial Of Service Vulnerability. CVE-2009-0754. Dos exploit for php platform


PHP is prone to a denial-of-service vulnerability because it fails to limit global scope for certain settings relating to Unicode text operations.

Attackers can exploit this issue to crash the affected webserver, denying service to legitimate users. 

        $v = 'Òîâà å òåñò|test.php';
        print substr($v,0,strpos($v,'|'));