Date: Wed, 25 Nov 2009 11:35:59 +0200
From: Bogdan Calin <bogdan@...netix.com>
To: Moritz Naumann <security@...itz-naumann.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: PHP "multipart/form-data" denial of service

> 
> Thanks for the good description and test results, Bogdan.

Thank you very much Moritz.


>> Proof of concept
>> -----------------
>> I'm not going to publish the proof of concept Python script.
>> If you have a valid reason why you would need the proof of concept, you
>> can contact me at this email address (bogdan [at] acunetix.com).
> 
> Someone has apparently written one in bash:
> http://www.paste-it.com/view/77958658
> If testing for IT security issues wasn't practically illegalized in
> Germany I might even have done it myself.
> 
> This script wasn't so effective when I tested it here, but it did work
> after I spawned a couple processes. It takes it quite a while to prepare
> the requests, though, and without the randomization stuff and with
> python this could probably be done much faster.

I don't think bash is a good choice for writing this kind of exploit.
My Python script is using threads to make the attack more effective.

BTW, this is not the only proof of concept published so far.
There are at least 2 more exploits published for this vulnerability.
Even my Python script got leaked somehow on packetstorm.
It was bound to happen sooner or later.

-- 
Bogdan Calin - bogdan@...netix.com
CTO
Acunetix Ltd. - http://www.acunetix.com
Acunetix Web Security Blog - http://www.acunetix.com/blog
