URGENT .php hole capable of DoS
Results 1 to 5 of 5

Thread: URGENT .php hole capable of DoS

  1. #1
    Senior Member
    Join Date
    Mar 2002
    Posts
    442

    URGENT .php hole capable of DoS

    With all of the recent threads dealing with .php I was looking through some of the scripting here at AO, and I found a major exploitable hole. This can/will allow me to succesfully DoS the server to the point where it is inacessable to all. I confirmed this by attempting to access www.antionline.com with a seperate ineternet connection through a seperate ISP, and also through another friend, who was also completely unable to access anything from www.antionine.com when the exploit was running. It is extremely successful and is not a bandwith limited attack. I will not post this hole publicly in the forums because of the potential misuse and abuse that could spring from it. I strongly urge you to contact me as quickly as possible, so that we can fix this hole, and prevent it from being used maliciously.

    Contact me via private message here, or e-mail at the3@<a rel="nofollow" href="http://...k">www.com</a>

  2. #2
    Member
    Join Date
    Jul 2003
    Posts
    63
    well the mear fact that you posted that you know of a hole was a pretty retarded idea now people are obviously going to try to exploit the hole...possibly finding it... i think you should delete this thread and PM an admin or moderator.

  3. #3
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    thesecession > I already have pm'd the moderator(s). I wanted them to work on this and patch up this hole as quicly as possible, but it seems that they do not care much about the security of their web site. Oh well, not my loss :S.

  4. #4
    Member
    Join Date
    Jul 2003
    Posts
    63
    good point heh

  5. #5
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    Okay, good job JupMed, looks like they are all closed up, not sure what ya did, can't find the code change :S, but doesn't matter, this thread can be closed.

    To anyone who is interested in exactly what I did, and how the hole was exploited, pm, message, or e-mail mia, via my profile.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •