On Wed, Oct 22, 2014 at 9:35 PM, Daniel Zulla <daniel.zu...@gmail.com> wrote:
> OF COURSE IT’S NOT REALISTIC.
>
> But it’s a web security nightmare.
>
> Imagine a simple website accepting $_GET['test'] as input. Now imagine a
> web attacker who converts the server-side variable into an array
> (?test[foo]) trying to INTENTIONALLY TRIGGER an overflow.
>
> I’ve just tested it. It throws an error message like
>
> Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to
> allocate 32 bytes) in /usr/share/nginx/www/foo.php on line 6
>
> But why are we letting attackers even get so far? Why aren’t we blocking
> them far before that critical line of defense? This is at least an
> information leak vulnerability in PHP which should be fixed.
>

Could you clarify how you got this result? PHP has a limit to the amount of GET/POST/etc values it accepts, which defaults to something like 1000. You should never be able to submit anything that even gets close to an overflow.

Nikita
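
An added example, not code from either poster or from the PHP project: an application-side guard for the two points raised in this thread, rejecting a parameter that arrives as an array (`?test[foo]`) where a string is expected, and keeping fatal-error text with its script path out of the response. The helper name `scalar_param`, the `MAX_LEN` limit and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example. scalar_param() and MAX_LEN are hypothetical names.

// Fatal errors such as "Allowed memory size ... exhausted ... in /path/foo.php"
// are only sent to the client when display_errors is on. Log them instead.
// (Normally set in php.ini; ini_set keeps this file self-contained.)
ini_set('display_errors', '0');
ini_set('log_errors', '1');

const MAX_LEN = 256; // constructed limit for this example

/**
 * Return $source[$name] only when it is a string of at most MAX_LEN bytes.
 * PHP turns ?test[foo]=1 into $_GET['test'] = ['foo' => '1'], so a handler
 * that expects a string must check the type before using the value.
 */
function scalar_param(array $source, string $name): ?string
{
    if (!array_key_exists($name, $source)) {
        return null;                 // parameter absent
    }
    $value = $source[$name];
    if (!is_string($value)) {
        return null;                 // array supplied where a string was expected
    }
    if (strlen($value) > MAX_LEN) {
        return null;                 // oversized value
    }
    return $value;
}

// Constructed inputs, shaped the way PHP would populate $_GET.
$samples = [
    '?test=hello'      => ['test' => 'hello'],
    '?test[foo]=1'     => ['test' => ['foo' => '1']],
    '?test[a][b][c]=1' => ['test' => ['a' => ['b' => ['c' => '1']]]],
    '?test=<300 bytes>' => ['test' => str_repeat('A', 300)],
    '(no parameter)'   => [],
];

foreach ($samples as $query => $get) {
    $v = scalar_param($get, 'test');
    printf("%-20s => %s\n", $query, $v === null ? 'rejected' : "accepted ($v)");
}

// The request-wide cap on input variables mentioned in the reply above.
printf("max_input_vars = %s\n", ini_get('max_input_vars'));
```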