 |
 |
 |
 |
|
|
Date: 07/14/01
- Next message: nathan r. hruby: "[phplib] Re[2]: [phplib-dev] security: READ THIS!"
- Previous message: giancarlo pinerolo: "[phplib] security check of phplib site"
- In reply to: nathan r. hruby: "[phplib] Re: [phplib-dev] security: READ THIS!"
- Next in thread: nathan r. hruby: "[phplib] Re[2]: [phplib-dev] security: READ THIS!"
- Reply: nathan r. hruby: "[phplib] Re[2]: [phplib-dev] security: READ THIS!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello nathan,
Ok.. let me ask a stupid question here.
Exactly WHAT is the hole? You're redirecting $_PHPLIB[libdir]. Ok.. so my
prepend.php3 has the following:
require($_PHPLIB["libdir"] . "db_mysql.inc"); /* Change this to match your database. */
require($_PHPLIB["libdir"] . "ct_sql.inc"); /* Change this to match your data storage container */
require($_PHPLIB["libdir"] . "session.inc"); /* Required for everything below. */
require($_PHPLIB["libdir"] . "auth.inc"); /* Disable this, if you are not using authentication.
*/
require($_PHPLIB["libdir"] . "perm.inc"); /* Disable this, if you are not using permission check
s. */
require($_PHPLIB["libdir"] . "user.inc"); /* Disable this, if you are not using per-user variabl
es. */
require($_PHPLIB["libdir"] . "local.inc"); /* Required, contains your local configuration. */
require($_PHPLIB["libdir"] . "page.inc"); /* Required, contains the page management functions. *
/
Now since I define my database connections in local.inc, exactly WHAT is the
problem? My script won't work. Oh no! Some "hacker" just broke my script
but just for him/her. Or am I just being dense here?
Saturday, July 14, 2001, 8:35:56 AM, you wrote:
nrh> On Sat, 14 Jul 2001, giancarlo pinerolo wrote:
>> Gosh
>> with regards to this paper, named PHP Security Paper (a study in
>> scarlet)...
>>
>> http://www.securereality.com.au/studyinscarlet.txt
>>
>> I always thought _PHPLIB was a defined constant, now I realize it is an
>> array
>> try this script please, which can override the $_PHPLIB[libdir] value.
>>
>> in the third input field, which overrides _PHPLIB[libdir], type '/tmp/',
>> and it will include a file named 'test' there
>>
>> Giancarlo
nrh> [snip scripts]
nrh> This is becasue $_PHPLIB['libdir'] is only initalized if it isn't present.
nrh> Simply remvove the if(!(is_array($_PHPLIB)) { call and it will be better.
nrh> If you don't use this functionality in prepend.php3 (eg: you have phplib
nrh> in PHP's include_path) then simply define $_PHPLIB['libdir'] as a a NULL
nrh> or empty string.
nrh> Better yet, enable track_vars and disable register_globals for php, and
nrh> this won't be a problem, becasue your user input will be located in
nrh> $HTTP_GET_VARS['_PHPLIB'['libdir']] not in the global environment
nrh> -n
-- Abbestellen mit Mail an: phplib-unsubscribe <email protected> Kommandoliste mit Mail an: phplib-help <email protected>
- Next message: nathan r. hruby: "[phplib] Re[2]: [phplib-dev] security: READ THIS!"
- Previous message: giancarlo pinerolo: "[phplib] security check of phplib site"
- In reply to: nathan r. hruby: "[phplib] Re: [phplib-dev] security: READ THIS!"
- Next in thread: nathan r. hruby: "[phplib] Re[2]: [phplib-dev] security: READ THIS!"
- Reply: nathan r. hruby: "[phplib] Re[2]: [phplib-dev] security: READ THIS!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]