From Marc.Delisle@cegepsherbrooke.qc.ca Fri Mar 2 07:14:23 2007
From: Marc Delisle
To: developers@phpmyadmin.net
Subject: Re: [Phpmyadmin-devel] MOPB-02-2007 deep recursion,
Date: Fri, 02 Mar 2007 10:13:58 -0500
Message-ID: <45E83F36.7070300@cegepsherbrooke.qc.ca>
In-Reply-To: <45E83E10.4040800@sebastianmendel.de>

Sebastian Mendel wrote:
> Marc Delisle wrote:
>> curl http://localhost/phpmyadmin/?`php -r 'for ($i=1; $i < 1000; $i++)
>> {echo "x" . $i . "=a&";}'`
>>
>> -> URI too long
>>
>> curl http://localhost/phpmyadmin/?`php -r 'for ($i=1; $i < 1000; $i++)
>> {echo "x" . $i . "=a&";}'`
>>
>> -> login form
>>
>> curl http://localhost/phpmyadmin/?`php -r 'for ($i=1; $i < 1000; $i++)
>> {echo "x" . $i . "=1&";}'`
>>
>> -> URI too long
>
> works for me:
>
> deep_recusrion.php
> <?php
> echo 'register_globals: ' . ini_get('register_globals');
> echo '<br />';
> // the link target was stripped by the list archive; placeholder kept in its place
> echo '<a href="[link target lost in the archive]">klick to test protection against 1000+ vars';
> echo '<br />';
>
> if (count($GLOBALS) > 1000) {
>     die('deep recursion attack');
> }
> ?>
>

I wrote that I was testing an unpatched PMA. I'm not saying that our "if" does not work, I'm saying that I don't see the goal of checking the size of $GLOBALS.

Marc
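An added example, not code from this thread or from phpMyAdmin, that separates the two numbers the discussion runs together: how many variables the request actually carried versus what count($GLOBALS) reports, which only tracks request parameters when register_globals is on. It assumes the script is served by a web server and reuses the thread's threshold of 1000; the test link it builds mirrors the quoted script's x1..xN parameters.

```php
<?php
// Added example (not phpMyAdmin code, not Sebastian's script).
// Assumptions: served by a web server; threshold 1000 mirrors the
// "count($GLOBALS) > 1000" check quoted in the thread.

$threshold = 1000;

// Build a test link carrying N parameters named x1..xN, like the thread's
// curl command. Web servers cap GET URI length (the "URI too long" seen in
// the thread), so what arrives may be less than what was sent.
function test_url($n)
{
    $params = array();
    for ($i = 1; $i <= $n; $i++) {
        $params['x' . $i] = 'a';
    }
    return '?' . http_build_query($params);
}

// What the client actually sent, independent of register_globals.
$request_vars = count($_GET) + count($_POST) + count($_COOKIE);

// What the quoted check looks at. With register_globals=off the request
// parameters are never imported into the global symbol table, so this count
// barely moves no matter how many parameters arrive; only with
// register_globals=on does each parameter become a global and push it up.
$global_vars = count($GLOBALS);

$globals_fires = $global_vars > $threshold;
$request_fires = $request_vars > $threshold;

header('Content-Type: text/html; charset=utf-8');
echo 'register_globals: ', (ini_get('register_globals') ? 'on' : 'off'), '<br />';
echo 'request variables received: ', $request_vars, '<br />';
echo 'count($GLOBALS): ', $global_vars, '<br />';
echo 'GLOBALS check (&gt; ', $threshold, ') fires: ', ($globals_fires ? 'yes' : 'no'), '<br />';
echo 'request-count check (&gt; ', $threshold, ') fires: ', ($request_fires ? 'yes' : 'no'), '<br />';
echo '<a href="', htmlspecialchars(test_url($threshold + 1)), '">reload with ',
     $threshold + 1, ' parameters</a>';
```

Opening the page plainly and then through its link shows the request count jump while count($GLOBALS) only follows it when register_globals is on.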