Re: [phplib-dev] security: READ THIS!
From: nathan r. hruby (nathan <email protected>)
Date: 07/14/01

On Sat, 14 Jul 2001, giancarlo pinerolo wrote:

> Gosh
> with regards to this paper, named PHP Security Paper (a study in
> scarlet)...
>
> http://www.securereality.com.au/studyinscarlet.txt
>
> I always thought _PHPLIB was a defined constant, now I realize it is an
> array
> try this script please, which can override the $_PHPLIB[libdir] value.
>
> in the third input field, which overrides _PHPLIB[libdir], type '/tmp/',
> and it will include a file named 'test' there
>
> Giancarlo

[snip scripts]

This is because $_PHPLIB['libdir'] is only initialized if it isn't present.
Simply remove the if (!is_array($_PHPLIB)) { call and it will be better.
If you don't use this functionality in prepend.php3 (e.g.: you have phplib
in PHP's include_path) then simply define $_PHPLIB['libdir'] as a NULL
or empty string.

Better yet, enable track_vars and disable register_globals for PHP, and
this won't be a problem, because your user input will be located in
$HTTP_GET_VARS['_PHPLIB']['libdir'], not in the global environment.
-n

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
nathan hruby / digital statement
nathan <email protected>
http://www.dstatement.com/

Public GPG key can be found at: http://www.dstatement.com/nathan-gpg-key.txt
ED54 9A5E 132D BD01 9103 EEF3 E1B9 4738 EC90 801B
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

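The three configurations discussed in the reply above, as an added example that is not part of the original message or of PHPLIB's code. register_globals no longer exists in current PHP, so the hypothetical helper `import_request()` models it with a plain array standing in for the global symbol table; the function names, the empty default libdir, and the sample request are assumptions made for illustration.

```php
<?php
// Added example: models the conditional initialization in prepend.php3
// described in the thread. $scope stands in for the global symbol table.

// Hypothetical helper: what register_globals did with request input,
// copying every request variable into the global scope by name.
function import_request(array $request, array &$scope): void {
    foreach ($request as $name => $value) {
        $scope[$name] = $value;
    }
}

// Pattern from the thread: libdir is set only if $_PHPLIB is not an array yet.
function init_guarded(array &$scope): void {
    if (!is_array($scope['_PHPLIB'] ?? null)) {
        $scope['_PHPLIB'] = ['libdir' => ''];   // assumed default
    }
}

// Suggested fix: assign unconditionally, discarding any earlier value.
function init_unconditional(array &$scope): void {
    $scope['_PHPLIB'] = ['libdir' => ''];       // assumed default
}

function show(string $label, array $scope): void {
    echo str_pad($label, 42), var_export($scope['_PHPLIB']['libdir'], true), "\n";
}

// Constructed request input, equivalent to the form field in the thread.
$request = ['_PHPLIB' => ['libdir' => '/tmp/']];

// Case 1: register_globals on, guarded init. Request value survives.
$a = [];
import_request($request, $a);
init_guarded($a);
show('register_globals on, guarded init:', $a);

// Case 2: register_globals on, unconditional init. Request value is overwritten.
$b = [];
import_request($request, $b);
init_unconditional($b);
show('register_globals on, unconditional init:', $b);

// Case 3: register_globals off. Input stays inside $HTTP_GET_VARS,
// so even the guarded init sees no $_PHPLIB and sets the default.
$c = ['HTTP_GET_VARS' => $request];
init_guarded($c);
show('register_globals off, guarded init:', $c);
```

Only the first case leaves the request-supplied value in `libdir`; either change from the reply is enough on its own to restore the default.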