Re: PHP -> Fatal error: Allowed memory size



Actually it is a protection mechanism. The server process handling your
request reached the predefined memory limit and stops.
It's easy to provoke such an abort by calling a script with huge array
definitions.

If you got this error message in your browser, I'd consider having
"display_errors = on" being the bigger flaw.


On Saturday 12 June 2010 18:08:25 Jacky Jack wrote:
Hi

Requesting certain attack payload triggers:
Fatal error: Allowed memory size of *** bytes (tried ...)

Error in a PHP application.


May this be security flaw like DOS?

Thank you.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages