[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20020723102759.GA13016@Update.UU.SE>
From: ulfh at Update.UU.SE (Ulf H{rnhammar)
Subject: PHP Exploit
> Description
> PHP contains code for intelligently parsing the headers of HTTP POST
> requests. The code is used to differentiate between variables and files sent
> by the user agent in a "multipart/form-data" request. This parser has
> insufficient input checking, leading to the vulnerability.
Another hole in the same part of the code as last time..
> Workaround
> If the PHP applications on an affected web server do not rely on HTTP POST
> input from user agents, it is often possible to deny POST requests on the
> web server.
Seeing as the multipart/form-data MIME type is mostly used with file uploads
(forms without file uploads usually use the application/x-www-form-urlencoded
MIME type), perhaps you could protect yourself by setting file_uploads to off
in php.ini, or maybe that doesn't work for some reason.
// Ulf Harnhammar
Powered by blists - more mailing lists