Cloudweavers » php http://www.cloudweavers.org Cutting-edge technology consultant Tue, 31 Jan 2012 13:56:18 +0000 en hourly 1 http://wordpress.org/?v=3.1.2 PHP MultiPart Form-Data Denial of Service proof of concept http://www.cloudweavers.org/2009/11/php-multipart-form-data-denial-of-service-proof-of-concept/ http://www.cloudweavers.org/2009/11/php-multipart-form-data-denial-of-service-proof-of-concept/#comments Fri, 27 Nov 2009 16:12:29 +0000 pascal.charest http://blog.pacharest.com/?p=1376

PHP version 5.3.1 was just released. This release contains a patch for a denial of service condition we’ve reported on 27 October 2009. The problem is related with PHP’s handling of RFC 1867 (Form-based File upload in HTML).

Source: http://www.securityfocus.com/archive/1/507982

Exploit already on PacketStorm

]]> http://www.cloudweavers.org/2009/11/php-multipart-form-data-denial-of-service-proof-of-concept/feed/ 643 retrieve client browser lang setting with php http://www.cloudweavers.org/2009/07/retrieve-client-browser-lang-with-php/ http://www.cloudweavers.org/2009/07/retrieve-client-browser-lang-with-php/#comments Thu, 09 Jul 2009 02:55:27 +0000 pascal.charest http://blog.pacharest.com/?p=1214 I promised a client I would give him a little PHP script to help him deal with internationalization (french/english visitors) of his website. So, here is a very simple way to retrieve your visitor’s browser language setting and fork through a IF clause based on this value :

< ?php
#we retreive the language
$lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);


#if french $lang=fr, english $lang=en
if ( $lang==”fr” ) {
echo “ceci est la version francaise”;
}
else {
echo “other language”;
}

?>

This is not meant to be the ‘best’ way or the ‘easiest’, it is simply the way I would do it for a small project. If you got a better way, feel free to post it in the comment section of this post !

]]> http://www.cloudweavers.org/2009/07/retrieve-client-browser-lang-with-php/feed/ 167 ensim & php :’premature end of script’ ; php-script’ http://www.cloudweavers.org/2009/05/premature-end-of-script/ http://www.cloudweavers.org/2009/05/premature-end-of-script/#comments Wed, 13 May 2009 19:40:18 +0000 pascal.charest http://blog.pacharest.com/?p=1099 I had an installation of phpForms [1] to complete on a client server where Ensim was already installed and configured. installed. I’ve learn a couple of things:

1.
Recovering the root MySQL password is ‘really, really easy’ if Ensim is installed on the server – maybe a bit too much:

# ensim-python -c “import sys;sys.path.append(\”/usr/lib/opcenter/mysql\”);import mysqlbe;print mysqlbe.read_mysqlpass()”

2.
./phpforms/install.php script fail with a 500 error (application error) when viewed with a web browser but output valid code when viewed through a CLI. In a direct relation, the apache error-log is complaining :
‘premature end of script’ ; php-script’

This error is directly related to Ensim’s security setting. Try lowering them: when logged as server-administrator, edit the site setting, and set a ‘low-security-setting’.

[1]. http://phpforms.net/ – PHP Scripts to auto-magically create web forms using database backend.

]]> http://www.cloudweavers.org/2009/05/premature-end-of-script/feed/ 140