Full Disclosure mailing list archives

Re: PHP "multipart/form-data" denial of service


From: Bogdan Calin <bogdan () acunetix com>
Date: Wed, 25 Nov 2009 11:35:59 +0200


Thanks for the good description and test results, Bogdan.

Thank you very much Moritz.


Proof of concept
-----------------
I'm not going to publish the proof of concept Python script.
If you have a valid reason why you would need the proof of concept, you
can contact me at this email address (bogdan [at] acunetix.com).

Someone has apparently written one in bash:
http://www.paste-it.com/view/77958658
If testing for IT security issues wasn't practically illegalized in
Germany I might even have done it myself.

This script wasn't so effective when I tested it here, but it did work
after I spawned a couple processes. It takes it quite a while to prepare
the requests, though, and without the randomization stuff and with
python this could probably be done much faster.

I don't think bash is a good choice for writing this kind of exploit.
My Python script is using threads to make the attack more effective.

BTW, this is not the only proof of concept published until now.
There are at least 2 more exploits published for this vulnerability.
Even my python script got leaked somehow on packetstorm.
It was bound to happen sooner or later.

-- 
Bogdan Calin - bogdan () acunetix com
CTO
Acunetix Ltd. - http://www.acunetix.com
Acunetix Web Security Blog - http://www.acunetix.com/blog

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

