Re: [Phpmyadmin-devel] MOPB-02-2007 deep recursion, phpMyAdmin affected?

1 Mar 2007

Marc Delisle schrieb:
...
  Sebastian Mendel a écrit :

http://www.php-security.org/MOPB/MOPB-02-2007.html

 i did not fully 'understand' how we are affected, but i think we are 
 affected somehow ... especially as i come to the sentence wehre phpMyAdmin 
 is explicitely mentioned ...

  We recursively call PMA_gpc_extract(), maybe we can do something about 
 this as a workaround to this PHP problem.

 To better see what happens, add a print_r() like this:

 function PMA_gpc_extract($array, &$target, $sanitize = true)
 {
      print_r($array);
      if ( ! is_array($array) ) {
          return false;
      } 
but this comes after the iteration over $GLOBALS and

PMA_arrayWalkRecursive($_GET, 'stripslashes', true);
PMA_arrayWalkRecursive($_POST, 'stripslashes', true);
PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true);
PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true);

so this is too late ... ;-)

...

 and call a modified version of the exploit

 curl http://127.0.0.1/phpmyadmin/ -d a`php -r 'echo
str_repeat("[a]",5);'`=1 

-- 
Sebastian Mendel

www.sebastianmendel.de

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Re: [Phpmyadmin-devel] MOPB-02-2007 deep recursion, phpMyAdmin affected?