PHP SysInfo

Tracker: Bugs

5 DOS: phpsysinfo recursive loop - ID: 670222
Last Update: Settings changed ( webbie )

The following line in index.php (~line 90) makes it
possible to crash a single apache process. It could
easily be used to DOS a server. Simply calling
index.php?lng=../../index creates a runaway recursive
loop, creating a huge load and finally crashing the
apache process.

require('./includes/lang/' . $lng . '.php');

I'm not a real PHP programmer, but I tried to find a
fix and came up with the following; see the attached
file. I have no idea if it is 100% secure, but at least
it works for me :)

mzzl
Wolter


Wolter Kamphuis ( wkamphuis ) - 2003-01-18 11:09

5

Closed

Fixed

Nobody/Anonymous

None

None

Public


Comment ( 1 )




Date: 2003-01-19 02:22
Sender: webbie

Logged In: YES
user_id=565

Added to CVS


Attached File ( 1 )

Filename            Description
phpsysinfofix.txt   The fix
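
The contents of phpsysinfofix.txt are not reproduced on this page. As an added example (not the attached fix and not phpSysInfo's own code), one way to stop lng from carrying path components into require() is to allowlist its characters and then confirm that the resolved file stays inside includes/lang/. The function name resolve_lang_file(), the 'en' default and the temporary fixture tree are assumptions.

```php
<?php
// Added example: validate the language code before it is used in a path.
// Intended call site (assumed): require(resolve_lang_file($lng, './includes/lang'));

function resolve_lang_file(string $lng, string $langDir, string $default = 'en'): string
{
    // 1. Syntactic allowlist: letters, digits, '_' and '-' only, so '/', '.',
    //    NUL bytes and URL schemes can never become part of the path.
    if (!preg_match('/\A[a-z0-9_-]{1,16}\z/i', $lng)) {
        $lng = $default;
    }

    // 2. Canonicalise, then confirm the file exists and sits inside the
    //    language directory. realpath() returns false for missing files.
    $base = realpath($langDir);
    $file = realpath($langDir . '/' . $lng . '.php');
    $inside = $base !== false && $file !== false
        && strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
    if (!$inside) {
        $file = realpath($langDir . '/' . $default . '.php');
    }
    if ($file === false) {
        throw new RuntimeException('default language file is missing');
    }
    return $file;
}

// Constructed fixture: a throwaway tree mirroring the layout in the report.
$root = realpath(sys_get_temp_dir()) . '/lngdemo_' . bin2hex(random_bytes(4));
mkdir($root . '/includes/lang', 0700, true);
file_put_contents("$root/index.php", '<?php // stand-in for the real index.php');
foreach (['en', 'nl'] as $code) {
    file_put_contents("$root/includes/lang/$code.php", "<?php \$text['lang'] = '$code';");
}

// Constructed inputs: a valid code, the value from the report, a mixed
// traversal, an unknown code and an empty string.
foreach (['nl', '../../index', 'nl/../en', 'xx', ''] as $input) {
    $file = resolve_lang_file($input, $root . '/includes/lang');
    printf("%-16s -> %s\n", var_export($input, true), basename($file));
}

// Remove the fixture again.
array_map('unlink', glob("$root/includes/lang/*.php"));
unlink("$root/index.php");
rmdir("$root/includes/lang"); rmdir("$root/includes"); rmdir($root);
```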

Changes ( 4 )

Field           Old Value                  Date               By
status_id       Open                       2004-04-29 16:49   webbie
resolution_id   None                       2004-04-29 16:49   webbie
close_date      -                          2004-04-29 16:49   webbie
File Added      39955: phpsysinfofix.txt   2003-01-18 11:10   wkamphuis