Re: [Phpmyadmin-devel] MOPB-02-2007 deep recursion, phpMyAdmin affected?

1 Mar 2007


      Sebastian Mendel a écrit :
...
http://www.php-security.org/MOPB/MOPB-02-2007.html
i did not fully 'understand' how we are affected, but i think we are 
affected somehow ... especially as i come to the sentence wehre phpMyAdmin 
is explicitely mentioned ...
We recursively call PMA_gpc_extract(), maybe we can do something about 
this as a workaround to this PHP problem.
To better see what happens, add a print_r() like this:
function PMA_gpc_extract($array, &$target, $sanitize = true)
{
     print_r($array);
     if ( ! is_array($array) ) {
         return false;
     }
and call a modified version of the exploit
curl http://127.0.0.1/phpmyadmin/ -d a`php -r 'echo str_repeat("[a]",5);'`=1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Re: [Phpmyadmin-devel] MOPB-02-2007 deep recursion, phpMyAdmin affected?