PHP Float DoS <= 5.3.X

Posted by Unknown on Thursday, 20 October 2011
I'm not sure if you've heard about it or not (it's actually "rather old" news now), but PHP 5.3.X suffers from a floating-point denial of service.
If the PHP interpreter tries to parse a specific number, the fork/thread (?) simply hangs and starts consuming CPU resources.

The original advisory states the following snippet:

----------------------------------------------------

---------------------------
------------------------

The exploit is self-explanatory: all you have to do is find a numeric variable on a site you're pissed enough at. E.g.:

http://website.com/index.php?id=7


Replace the id variable with 2.2250738585072011e-308 and watch your success when the server doesn't respond with a page.
This doesn't kill the server, but it does consume a lot of CPU resources.

Your best approach is to send several requests (code something, will you?), either HTTP POST or GET, towards the server.
It surely won't take long before it goes down completely.

Here's a PoC script using several variations of the evil floating-point:

-------------------------------------------------------

----------------------------
-----------------------------

That's it! Update your PHP installation (if you haven't already) :)
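
Before and after patching, the access log shows whether anyone has already sent the value. The following is an added example, not code from the original post or advisory: it scans log lines for query parameters that spell the number quoted above, comparing digit strings and exponents so the check never parses the value as a float. The log format, the sample lines and all function names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Value quoted in the post, 2.2250738585072011e-308, held as 0.DIGITS * 10**EXP10.
BAD_DIGITS, BAD_EXP10 = "22250738585072011", -307

NUM_RE = re.compile(r"^[+-]?(\d*)(?:\.(\d*))?(?:[eE]([+-]?\d{1,6}))?$")
REQ_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) ')

def canonical(text):
    """Return (digits, exp10) meaning 0.digits * 10**exp10, or None if not numeric.
    Pure string handling: the value is never converted to a float."""
    m = NUM_RE.match(text.strip())
    if not m or not (m.group(1) or m.group(2)):
        return None
    int_part, frac_part = m.group(1), m.group(2) or ""
    digits = int_part + frac_part
    exp10 = int(m.group(3) or 0) + len(int_part)   # point moved before all digits
    stripped = digits.lstrip("0")
    exp10 -= len(digits) - len(stripped)           # each leading zero lowers exp10
    stripped = stripped.rstrip("0")                # trailing zeros carry no value
    return (stripped, exp10) if stripped else ("0", 0)

def is_trigger(text):
    return canonical(text) == (BAD_DIGITS, BAD_EXP10)

def scan(log_lines):
    """Return (client, parameter) for every request carrying the value."""
    hits = []
    for line in log_lines:
        m = REQ_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group(2)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if is_trigger(value):
                hits.append((m.group(1), name))
    return hits

# Constructed access-log lines (documentation addresses, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Oct/2011:10:00:01 +0000] "GET /index.php?id=7 HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/Oct/2011:10:00:02 +0000] "GET /index.php?id=2.2250738585072011e-308 HTTP/1.1" 200 0',
    '198.51.100.7 - - [20/Oct/2011:10:00:03 +0000] "GET /index.php?id=0.22250738585072011e-307 HTTP/1.1" 200 0',
    '192.0.2.33 - - [20/Oct/2011:10:00:04 +0000] "GET /index.php?page=2&id=22.250738585072011E-309 HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for client, param in scan(SAMPLE_LOG):
        print(f"{client} sent the hanging float in parameter '{param}'")
```

The same comparison can sit in front of the application as an input filter on hosts that cannot be updated right away; it only recognises exact re-spellings of the one value quoted in the post.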