Sebastian Mendel a écrit :
http://www.php-security.org/MOPB/MOPB-02-2007.html
i did not fully 'understand' how we are affected, but i think we are
affected somehow ... especially as i come to the sentence wehre phpMyAdmin
is explicitely mentioned ...
We recursively call PMA_gpc_extract(), maybe we can do something about
this as a workaround to this PHP problem.
To better see what happens, add a print_r() like this:
function PMA_gpc_extract($array, &$target, $sanitize = true)
{
print_r($array);
if ( ! is_array($array) ) {
return false;
}
and call a modified version of the exploit
curl
http://127.0.0.1/phpmyadmin/ -d a`php -r 'echo
str_repeat("[a]",5);'`=1