[Full-Disclosure] PHP Exploit
Ulf H{rnhammar
ulfh at Update.UU.SE
Tue Jul 23 11:27:59 BST 2002
> Description
> PHP contains code for intelligently parsing the headers of HTTP POST
> requests. The code is used to differentiate between variables and files sent
> by the user agent in a "multipart/form-data" request. This parser has
> insufficient input checking, leading to the vulnerability.
Another hole in the same part of the code as last time..
> Workaround
> If the PHP applications on an affected web server do not rely on HTTP POST
> input from user agents, it is often possible to deny POST requests on the
> web server.
Seeing as the multipart/form-data MIME type is mostly used with file uploads
(forms without file uploads usually use the application/x-www-form-urlencoded
MIME type), perhaps you could protect yourself by setting file_uploads to off
in php.ini, or maybe that doesn't work for some reason.
// Ulf Harnhammar
Full-Disclosure is hosted and sponsored by Secunia.