 |
 |
 |
 |
|
|
Date: 07/14/01
- Next message: giancarlo pinerolo: "[phplib] [Fwd: ... and more]"
- Previous message: giancarlo pinerolo: "[phplib] [Fwd: security: READ THIS!]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
actually this was part one, but it's OK
Anyway the solution is to cut out the line that says:
if (!is_array($_PHPLIB)) {
in prepend.php3
Giancarlo
attached mail follows:
Gosh
with regards to this paper, named PHP Security Paper (a study in
scarlet)...
http://www.securereality.com.au/studyinscarlet.txt
I always thought _PHPLIB was a defined constant, now I realize it is an
array
try this script please, which can override the $_PHPLIB[libdir] value.
in the third input field, which overrides _PHPLIB[libdir], type '/tmp/',
and it will include a file named 'test' there
Giancarlo
............
<?
if (!$HTTP_POST_VARS[step2])
{
?>
<form action="<?echo $PHP_SELF?>" method=post>
$HTTP_GET_VARS[mytest] var:<br>
<input name="HTTP_GET_VARS[mytest]" value="1" >
<br>
the variable $mytest2 var:<br>
<input type=text name="mytest2" value="2" >
<br>$_PHPLIB[libdir] var <br>
(trailing slash required, will include a file namet 'test' there)<br>
<input name="_PHPLIB[libdir]" value="1" >
<input type=submit name=step2>
</form>
<?
}
else
{
echo "the HTTP_GET_VARS[mytest] --> ".$HTTP_GET_VARS["mytest"]."<br>";
echo "the variable mytest2 --> ".$HTTP_POST_VARS["mytest2"]."<br>";
echo "_PHPLIB[libdir] --> ".$HTTP_POST_VARS["_PHPLIB"][libdir]."<br>";
echo "including the file 'test' in the submitted _PHPLIB[libdir]
directory<br>";
include ($_PHPLIB[libdir]."test");
}
?>
.......
file 'test' placed in /tmp/
<?
echo "<h1>CIAO</h1>";
?>
-- Abbestellen mit Mail an: phplib-unsubscribe <email protected> Kommandoliste mit Mail an: phplib-help <email protected>
- Next message: giancarlo pinerolo: "[phplib] [Fwd: ... and more]"
- Previous message: giancarlo pinerolo: "[phplib] [Fwd: security: READ THIS!]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]