Penetration Testing mailing list archives

Re: PHP -> Fatal error: Allowed memory size

From: clez <bugtraq-pt () clez net>
Date: Thu, 17 Jun 2010 13:51:36 +0200

Actually it is a protection mechanism. The server process handling your 
request reached the predefined memory limit and stops.
It's easy to provoke such an abort by calling a script with huge array 
definitions. 

If you got this error message in your browser, I'd consider having 
"display_errors = on" being the bigger flaw.


On Saturday 12 June 2010 18:08:25 Jacky Jack wrote:

Hi

Requesting certain attack payload triggers:

Fatal error: Allowed memory size of *** bytes (tried ...)


Error in a PHP application.


May this be security flaw like DOS?

Thank you.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

PHP -> Fatal error: Allowed memory size Jacky Jack (Jun 16)
- Re: PHP -> Fatal error: Allowed memory size clez (Jun 18)