July 5th, 2003, 06:53 PM
URGENT .php hole capable of DoS
With all of the recent threads dealing with .php I was looking through some of the scripting here at AO, and I found a major exploitable hole. This can/will allow me to succesfully DoS the server to the point where it is inacessable to all. I confirmed this by attempting to access www.antionline.com with a seperate ineternet connection through a seperate ISP, and also through another friend, who was also completely unable to access anything from www.antionine.com when the exploit was running. It is extremely successful and is not a bandwith limited attack. I will not post this hole publicly in the forums because of the potential misuse and abuse that could spring from it. I strongly urge you to contact me as quickly as possible, so that we can fix this hole, and prevent it from being used maliciously.
Contact me via private message here, or e-mail at the3@<a rel="nofollow" href="http://...k">www.com</a>
July 6th, 2003, 06:34 AM
well the mear fact that you posted that you know of a hole was a pretty retarded idea now people are obviously going to try to exploit the hole...possibly finding it... i think you should delete this thread and PM an admin or moderator.
July 6th, 2003, 05:31 PM
thesecession > I already have pm'd the moderator(s). I wanted them to work on this and patch up this hole as quicly as possible, but it seems that they do not care much about the security of their web site. Oh well, not my loss :S.
July 7th, 2003, 12:52 AM
July 9th, 2003, 04:54 AM
Okay, good job JupMed, looks like they are all closed up, not sure what ya did, can't find the code change :S, but doesn't matter, this thread can be closed.
To anyone who is interested in exactly what I did, and how the hole was exploited, pm, message, or e-mail mia, via my profile.