Symfony 2.7.0 < 4.0.10 - Denial of Service

  • Author: Federico Stange
    Date: 2018-05-26
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/44768/
  • The PDOSessionHandler class allows sessions to be stored on a PDO connection. Under some configurations (see below) and with a well-crafted payload, it was possible to cause a denial of service on a Symfony application without too many resources.
    
    An application is vulnerable when:
    
    - It is using PDOSessionHandler to store its sessions;
    
    - And it uses MySQL as a backend for sessions managed by PDOSessionHandler;
    
    - And the SQL mode does not contain STRICT_ALL_TABLES or STRICT_TRANS_TABLES (check via SELECT @@sql_mode).
    
    POC:
    https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44768.tgz
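
The three conditions listed above can be checked together during a configuration audit. The following is an added example, not code from the advisory or from Symfony: the function names, the sample DSNs and the sample mode strings are constructed, and it assumes the session handler is configured by class name (a subclass with a different name would not be matched) and that `sql_mode` is the string returned by `SELECT @@sql_mode` on the connection used for sessions.

```python
STRICT_MODES = {"STRICT_ALL_TABLES", "STRICT_TRANS_TABLES"}


def parse_sql_mode(raw):
    """Split the comma-separated string returned by SELECT @@sql_mode."""
    return {m.strip().upper() for m in (raw or "").split(",") if m.strip()}


def pdo_driver(dsn):
    """Return the driver prefix of a PDO DSN such as 'mysql:host=...;dbname=...'."""
    driver, sep, _ = dsn.partition(":")
    return driver.strip().lower() if sep else ""


def assess(handler_class, dsn, sql_mode):
    """Evaluate each precondition; the app is exposed only if all three hold."""
    # Accept a fully qualified PHP class name and compare only the short name.
    short_name = handler_class.rsplit("\\", 1)[-1]
    findings = {
        "uses_pdo_session_handler": short_name.lower() == "pdosessionhandler",
        "mysql_backend": pdo_driver(dsn) == "mysql",
        "non_strict_sql_mode": not (parse_sql_mode(sql_mode) & STRICT_MODES),
    }
    findings["exposed"] = all(findings.values())
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    handler = r"Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler"
    samples = [
        ("mysql:host=db.example.internal;dbname=app", "NO_ENGINE_SUBSTITUTION"),
        ("mysql:host=db.example.internal;dbname=app",
         "ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION"),
        ("pgsql:host=db.example.internal;dbname=app", ""),
    ]
    for dsn, mode in samples:
        print(dsn, repr(mode), assess(handler, dsn, mode))
```
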