Re: [Phpmyadmin-devel] MOPB-02-2007 deep recursion,

1 Mar 2007


      Marc Delisle schrieb:
...
Sebastian,
this part of the patch:
  /**


protect against deep recursion attack CVE-2006-1549,


1000 seems to be more than enough


@see http://www.php-security.org/MOPB/MOPB-02-2007.html


@see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1549


*/

+if (count($GLOBALS) > 1000) {

die('possible deep recurse attack');

+}
is not reached when I test the attack of MOPB-02, it's the other part 
that protects for this attack.
Do you know in which case this code would trigger? In the case of an 
attempt to override $GLOBALS?
it should trigger if and only if register_globals is on

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Re: [Phpmyadmin-devel] MOPB-02-2007 deep recursion,