Chris Shiflett wrote:
--- Marek Kilimajer <[EMAIL PROTECTED]> wrote:
PHP must read the whole post stream to create $_POST and
$HTTP_POST_VARS arrays, and to save file uploads into a temporary
files. This happens before the script is executed.
Well, there are other scenarios:
POST /path/to/script.php HTTP/1.1
Host: example.org
Content-Type: shiflett
Content-Length: 384975438975438753495734957
will be caught by the LimitRequestBody. That can only have a maximum of 2GB.
You have demonstrated how easy it's to carry out a DOS with POST.
--
Raditha Dissanayake.
---------------------------------------------
http://raditha/megaupload/upload.php
Sneak past the PHP file upload limits.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php