uranium
02-26-2004, 01:01 PM
This is a proof-of-concept exploit for Apache/1.3.x + php_4.0.6. This
code exploits the multipart/form-data POST requests bug. This code only crashes
the Apache daemon; it does not open any shell or execute code on the remote server.
PHP supports multipart/form-data POST requests (as described in RFC1867),
known as POST file uploads. Unfortunately, there are several flaws in the
php_mime_split function that could be used by an attacker to execute arbitrary
code. I don't know if the vuln I exploit is a known vuln or not.
Example:
-------
[uranium@localhost]$ ./apache_php host 80 hi.php
