Full Disclosure mailing list archives
Re: PHP "multipart/form-data" denial of service
From: Bogdan Calin <bogdan () acunetix com>
Date: Wed, 25 Nov 2009 11:35:59 +0200
Thanks for the good description and test results, Bogdan.
Thank you very much Moritz.
Proof of concept ----------------- I'm not going to publish the proof of concept Python script. If you have a valid reason why you would need the proof of concept, you can contact me at this email address (bogdan [at] acunetix.com).Someone has apparently written one in bash: http://www.paste-it.com/view/77958658 If testing for IT security issues wasn't practically illegalized in Germany I might even have done it myself. This script wasn't so effective when I tested it here, but it did work after I spawned a couple processes. It takes it quite a while to prepare the requests, though, and without the randomization stuff and with=python this could probably be done much faster.
I don't think bash is a good choice for writing this kind of exploits. My Python script is using threads to make the attack more effective. BTW, this is not the only proof of concept published until now. There are at least 2 more exploits published for this vulnerability. Even my python script got leaked somehow on packetstorm. It was bound to happen sooner or later. -- Bogdan Calin - bogdan () acunetix com CTO Acunetix Ltd. - http://www.acunetix.com Acunetix Web Security Blog - http://www.acunetix.com/blog _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- PHP "multipart/form-data" denial of service Bogdan Calin (Nov 20)
- Re: PHP "multipart/form-data" denial of service Moritz Naumann (Nov 24)
- Re: PHP "multipart/form-data" denial of service Bogdan Calin (Nov 25)
- Re: PHP "multipart/form-data" denial of service Moritz Naumann (Nov 24)