DOS: phpsysinfo recursive loop
The following line in index.php (~line 90) makes it
possible to crash a single Apache process. It could
easily be used to DoS a server. Simply calling
index.php?lng=../../index creates a runaway recursive
loop, creating a huge load and finally crashing the
Apache process.
require('./includes/lang/' . $lng . '.php');
I'm not a real PHP programmer, but I tried to find a
fix and came up with the following; see the attached
file. I have no idea if it is 100% secure, but at least
it works for me :)
mzzl
Wolter
The fix
Logged In: YES
user_id=565
Added to CVS
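
Added example, not the attached fix (which is not shown on this page) and not phpSysInfo's own code: one way to stop `lng` from steering the `require` outside the language directory is to check its syntax and then match it against the language files that actually exist. The function name `resolve_lang`, the default `en`, and the temporary demo directory with its two files are assumptions made for illustration.

```php
<?php
// Added illustration, not the project's patch. Names and paths are hypothetical.

/**
 * Return a language code that is safe to place in the require() path.
 * Falls back to $default for anything that is not a known language file.
 */
function resolve_lang($requested, $langDir, $default = 'en')
{
    // 1. Syntax check: a short token with no dots or slashes, so values
    //    like "../../index" (or an array from lng[]=...) are rejected early.
    if (!is_string($requested) || !preg_match('/^[A-Za-z0-9_-]{1,16}$/', $requested)) {
        return $default;
    }

    // 2. Allow-list check: the code must name a file that really exists
    //    in the language directory.
    $available = array();
    foreach (glob($langDir . '/*.php') ?: array() as $file) {
        $available[] = basename($file, '.php');
    }

    return in_array($requested, $available, true) ? $requested : $default;
}

// Constructed demo data: a throwaway language directory with two files.
$langDir = sys_get_temp_dir() . '/lang_demo_' . getmypid();
if (!is_dir($langDir)) {
    mkdir($langDir);
}
file_put_contents($langDir . '/en.php', '<?php $text = "English";');
file_put_contents($langDir . '/de.php', '<?php $text = "Deutsch";');

// Constructed inputs: a valid code, the value from the report,
// an unknown code, and a non-string value.
foreach (array('de', '../../index', 'xx', array('de')) as $input) {
    $lng = resolve_lang($input, $langDir);
    // Plain require only because the demo re-reads files in a loop;
    // in index.php, require_once would also prevent double inclusion.
    require $langDir . '/' . $lng . '.php';
    $shown = is_string($input) ? $input : gettype($input);
    printf("%-12s -> %s (%s)\n", $shown, $lng, $text);
}

// Remove the demo files again.
array_map('unlink', glob($langDir . '/*.php'));
rmdir($langDir);
```

In index.php itself, the `lng` request value would be passed through the same check before it reaches the `require` line quoted in the report.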