Full Disclosure mailing list archives

PHP Exploit


From: full-disclosure () lists netsys com (Ulf Härnhammar)
Date: Tue, 23 Jul 2002 12:27:59 +0200

Description
PHP contains code for intelligently parsing the headers of HTTP POST
requests. The code is used to differentiate between variables and files sent
by the user agent in a "multipart/form-data" request. This parser has
insufficient input checking, leading to the vulnerability.

Another hole in the same part of the code as last time..

Workaround
If the PHP applications on an affected web server do not rely on HTTP POST
input from user agents, it is often possible to deny POST requests on the
web server.

Seeing as the multipart/form-data MIME type is mostly used with file uploads
(forms without file uploads usually use the application/x-www-form-urlencoded
MIME type), perhaps you could protect yourself by setting file_uploads to off
in php.ini, or maybe that doesn't work for some reason.

// Ulf Harnhammar

