Bug #33313 I found a flaw in the ISAPI module
Submitted: 2005-06-11 22:32 UTC Modified: 2005-06-13 10:38 UTC
From: trustpunk at hotmail dot com Assigned:
Status: Closed Package: IIS related
PHP Version: 5.0.4, 4.3.11 OS: Windows
Private report: No CVE-ID: None

 [2005-06-11 22:32 UTC] trustpunk at hotmail dot com
Description:
------------
When running PHP as an ISAPI module, you can remotely crash the web server by creating a specially crafted URL. This bug was discovered by accident and I actually refer to it as a DDoS type of attack on the web server. Please fix this!

PHP versions affected so far: v4.3.11, v5.0.4



Reproduce code:
---------------
Using a URL like this will crash the web server; only ISAPI is affected.

http://www.your-site.com/script.php/num=10101

I discovered this when writing a Binary to Decimal converter.


 [2005-06-12 01:08 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2005-06-12 01:35 UTC] trustpunk at hotmail dot com
I'm proud to say that the bug is fixed in that release :-)

Make sure you apply that to v4.3 also. Later!
 [2005-06-13 01:41 UTC] trustpunk at hotmail dot com
I use PHP v4. I tried the latest snapshot of PHP4 and the
bug still exists; it would be nice if you could fix it.

Snapshot: v4.4.x-dev [June 12, 2005]
 [2005-06-13 10:38 UTC] sniper@php.net
Won't fix in PHP 4. (That would require too big changes, and as we're focused on PHP 5 anyway, this is yet another reason to start using PHP.)

 