From ce8a9e9318fcd7abae7fa2b0be2f671ec4bd1f8b Mon Sep 17 00:00:00 2001
From: James Lee
Date: Wed, 2 Jun 2010 05:04:24 +0000
Subject: [PATCH] update space requirements

git-svn-id: file:///home/svn/framework3/trunk@9392 4d416f70-5f16-0410-b530-b9f4589650da
---
 modules/exploits/unix/webapp/php_eval.rb | 5 ++++-
 modules/exploits/unix/webapp/php_include.rb | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/modules/exploits/unix/webapp/php_eval.rb b/modules/exploits/unix/webapp/php_eval.rb
index 50ee672fbc..56594d522f 100644
--- a/modules/exploits/unix/webapp/php_eval.rb
+++ b/modules/exploits/unix/webapp/php_eval.rb
@@ -32,9 +32,12 @@ class Metasploit3 < Msf::Exploit::Remote
 'Arch' => ARCH_PHP,
 'Payload' =>
 {
- 'Space' => 4000,
+ # max header length for Apache,
+ # http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfieldsize
+ 'Space' => 8190,
 # max url length for some old versions of apache according to
 # http://www.boutell.com/newfaq/misc/urllength.html
+ #'Space' => 4000,
 'DisableNops' => true,
 'BadChars' => %q|'"`|, # quotes are escaped by PHP's magic_quotes_gpc in a default install
 'Compat' =>
diff --git a/modules/exploits/unix/webapp/php_include.rb b/modules/exploits/unix/webapp/php_include.rb
index dffb9e5221..4bbd7c7961 100644
--- a/modules/exploits/unix/webapp/php_include.rb
+++ b/modules/exploits/unix/webapp/php_include.rb
@@ -40,7 +40,9 @@ class Metasploit3 < Msf::Exploit::Remote
 {
 'ConnectionType' => 'find',
 },
- 'Space' => 32768,
+ # Arbitrary big number. The payload gets sent as an HTTP
+ # response body, so really it's unlimited
+ 'Space' => 262144, # 256k
 },
 'DefaultOptions' =>
 {
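Review bot: In the php_eval.rb hunk the old limit survives as a commented-out `#'Space' => 4000,` line, and the boutell.com URL-length comment now sits between the active value and that dead line, so a reader cannot tell at a glance which comment justifies which number. I would drop the dead line and fold the history into one comment above the active entry, e.g. `# Apache's default LimitRequestFieldSize (max header length); was 4000, the URL length limit of some old Apache versions`. The linked Apache page documents 8190 as a default that an administrator can change, so the comment should say "default" rather than present it as a fixed maximum. The `'Payload'` hash starts and ends outside the hunk, so whether the value is really bounded by a header field cannot be confirmed from the visible lines.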
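Review bot: In the php_include.rb hunk, `'Space' => 262144, # 256k` relies on a trailing comment to explain the literal; writing it as `'Space' => 256 * 1024,` keeps the value and its meaning in one place so they cannot drift apart. The added comment calls the size effectively unlimited because the payload travels in an HTTP response body, but the code that serves that body is outside the hunk, so that reasoning cannot be checked from the visible lines.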