PHP local DoS: self-fetching through HTTP

From: Ilya Teterin (alienhardat_private)
Date: Wed Jul 18 2001 - 06:29:01 PDT

    PHP scripting allows "opening" files through HTTP:
    
    $file=fopen("http://host/page.html","r");
    
    If a script opens itself through HTTP, it will result in 
    a DoS attack:
    as many HTTP connections as possible and a great 
    number of executing PHP scripts.
    Timeout settings are useless.
    
    Possible solutions:
    - disable HTTP connections from local host
    - limit number of connections from one host
    
    Sample exploit: put "script.php" on 
    www.freehosting.domain and make an HTTP 
    request to it.
    
    ==begin of script.php==
    <?php
    $file=fopen("http://www.freehosting.domain/script.php","r");
    ?>
    ===end of script.php===
    
    Another way to use PHP script self-fetching is 
    to create infinitely living scripts on the server: before 
    the execution timeout is exceeded, the script "opens" itself 
    through HTTP and continues its execution.
    
    buggzy, Nerf Security Group
    www.nerf.ru
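
A detection sketch for the self-fetch loop described in the message above, added here as an example and not part of the original post: it scans web server access log lines for a script that is requested repeatedly from the server's own address within a short window. The log format (Apache common log format), the addresses, the threshold and the window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: the web server writes Apache common log format and the operator
# knows which source addresses belong to the server itself.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3}) ')

def find_self_fetch_loops(lines, own_addrs, threshold=5, window=timedelta(seconds=10)):
    """Return {path: peak hit count} for scripts requested from the server's
    own addresses at least `threshold` times within `window`."""
    recent = defaultdict(deque)  # path -> timestamps of self-originated hits
    peaks = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or unrelated lines
        src, ts, url, _status = m.groups()
        if src not in own_addrs:
            continue  # only requests the server made to itself are of interest
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        path = url.split("?", 1)[0]
        q = recent[path]
        q.append(when)
        while when - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[path] = max(peaks.get(path, 0), len(q))
    return peaks

# Constructed sample log (documentation addresses; 192.0.2.10 plays the server).
def _line(src, sec, path):
    return f'{src} - - [18/Jul/2001:06:29:{sec:02d} -0700] "GET {path} HTTP/1.0" 200 0'

SAMPLE = (
    [_line("198.51.100.7", 0, "/script.php")]                          # external request
    + [_line("192.0.2.10", s // 2, "/script.php") for s in range(12)]  # self-originated burst
    + [_line("192.0.2.10", 30, "/index.php")]                          # single local hit
)
OWN = {"127.0.0.1", "192.0.2.10"}

if __name__ == "__main__":
    for path, n in find_self_fetch_loops(SAMPLE, OWN).items():
        print(f"possible self-fetch loop: {path} ({n} hits from own address within window)")
```
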
    


