This attack method is very harmful and the attack cost is very small as described in the previous two articles (DoS attacks in various languages are implemented by constructing Hash conflicts, and Hash conflict instances in PHP arrays. A single desktop can easily crash dozens and hundreds of servers. after communication with Pierre, the Official Development Team will not release PHP 5.2.18 for this purpose, but many companies are still using 5.2, So I specially wrote a patch for dmitry 5.4, apply to 5.2 respectively. if you use 5.2 of these patches, you can use the patch above and PHP5.3 to upgrade to 5.3.9. This patch is already included (because 5.3.9 is currently in the RC status, so if you do not want to upgrade, you can also refer to this patch for 5.3 to write a): https://github.com/laruence/laruence.github.com/tree/master/php-5.2-max-input-vars In addition, other languages such as java, ruby, please also think about the countermeasures in advance, limiting post_size is a temporary solution. thanks
Address: http://www.laruence.com/2011/12/30/2440.html