[21597] in bugtraq

PHP local DoS: self-fetching through HTTP

daemon@ATHENA.MIT.EDU (Ilya Teterin)
Wed Jul 18 11:46:58 2001

Date: 18 Jul 2001 13:29:01 -0000
Message-ID: <20010718132901.27868.qmail@securityfocus.com>
From: Ilya Teterin <alienhard@mail.ru>
To: bugtraq@securityfocus.com

PHP scripting allows "opening" files through HTTP:

$file=fopen("http://host/page.html","r");

If a script opens itself through HTTP, it will result in 
a DoS attack:
as many HTTP connections as possible and a great 
number of executing PHP scripts.
Timeout settings are useless.

Possible solutions:
- disable HTTP connections from local host
- limit number of connections from one host

Sample exploit: put "script.php" on 
www.freehosting.domain and make an HTTP 
request to it.

==begin of script.php==
<?php
$file=fopen("http://www.freehosting.domain/script.php","r");
?>
===end of script.php===

Another way to use PHP script self-fetching is 
creating infinitely-living scripts on the server: before 
the execution timeout is exceeded, the script "opens" itself 
through HTTP and continues its execution.

buggzy, Nerf Security Group
www.nerf.ru
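
A detection sketch for the behaviour described in this post, added here as an example and not part of the original message: it scans web-server access-log lines for PHP scripts that are requested from the server's own addresses in bursts. The Common Log Format input, the server address 203.0.113.10, the sample lines and the threshold are assumptions made for the example.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample access-log lines (Common Log Format). 203.0.113.10 is
# assumed to be the web server's own public address.
SAMPLE_LOG = """\
198.51.100.7 - - [18/Jul/2001:13:29:01 +0000] "GET /script.php HTTP/1.0" 200 0
203.0.113.10 - - [18/Jul/2001:13:29:01 +0000] "GET /script.php HTTP/1.0" 200 0
203.0.113.10 - - [18/Jul/2001:13:29:02 +0000] "GET /script.php HTTP/1.0" 200 0
127.0.0.1 - - [18/Jul/2001:13:29:02 +0000] "GET /script.php HTTP/1.0" 200 0
203.0.113.10 - - [18/Jul/2001:13:29:03 +0000] "GET /script.php HTTP/1.0" 200 0
127.0.0.1 - - [18/Jul/2001:13:30:10 +0000] "GET /status.php HTTP/1.0" 200 12
198.51.100.7 - - [18/Jul/2001:13:30:11 +0000] "GET /index.php HTTP/1.0" 200 512
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|POST|HEAD) (?P<path>\S+)[^"]*"'
)

def self_fetch_bursts(lines, server_addrs, threshold=3):
    """Return {(path, minute): hits} for PHP scripts requested by the server itself."""
    own = {ip_address(a) for a in server_addrs}
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        try:
            client = ip_address(m["ip"])
        except ValueError:
            continue  # log holds a hostname, not an address
        if not (client.is_loopback or client in own):
            continue  # ordinary remote client
        path = m["path"].split("?", 1)[0]
        if not path.endswith(".php"):
            continue
        minute = m["ts"][:17]  # e.g. "18/Jul/2001:13:29"
        hits[(path, minute)] += 1
    # Only report scripts the server fetched from itself at or above threshold.
    return {key: n for key, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    for (path, minute), n in self_fetch_bursts(SAMPLE_LOG.splitlines(), ["203.0.113.10"]).items():
        print(f"{minute} {path}: {n} requests from the server's own addresses")
```
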
