--- Begin Message ---A new vuln in PHP Interpreter. You Dont Even Need To Have PHP Installed To Reboot Win Servers. Hi, we're Doruk Babalık & M.ali Akmanalp From Turkey. I Love To Code Sockets With PHP, So I Created A System That I Call PHPX, That's Composed Of php.exe, php.ini, php_sockets.dll, php5ts.dll. the php-cli compatible php code and a batchfile. This EXECUTES the PHP Code Without Requesting Any Other 3rd Party Program With The 4-File PHP Interpreter Within it. I'll Be Porting GTK2.0.0 When Avabile but nevermind. tahts not the case. when I Was Checking My Packet Flooder, I Realized That, Both if i use php://stdin or $argv, Windows XP PRO/HOME crashes and Reboots as it finishes executing socket_connect(); ONLY If, socket_create(AF_INET, SOCK_RAW, getprotobyhname("icmp")); Thats pretty serious. I'LL Be Testing It On NT and WinServer 2003 in a few minutes. however, the same vuln. may be avabile in linux. the vuln. is not sourced of my reducement in the php core files to "4".:).. The Full VERSİON PHP5 Interpreter Does This As Well. But Only With My PHP Code. If YOU Exec on Apache, No Reboot. Cuz it's not php.exe, but apache.exe which opens the connection. but when u execute cli, reboot! An English version is included in this mail. aLSO wİNserver doesnt need to have php, since i have PHPX, Only 1.7Mb in size, which requires absolutely no extra config, and works exactly aS A Runtime. all you have to do is to exec the batfile.---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
--- End Message ---
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
