[Phpmyadmin-devel] Yet another XSS?

Sebastian Mendel lists at sebastianmendel.de
Wed Nov 23 08:00:02 CET 2005


Michal Čihař wrote:
> Hi all
> 
> anyone working on this?
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340438

is already fixed

this is how we fixed this:

grab_globals.inc.php#34:

// protect against older PHP versions' bug about GLOBALS overwrite
// (no need to translate this one :) )
// but what if script.php?GLOBALS[admin]=1&GLOBALS[_REQUEST]=1 ???
// checked in every input source register_globals would import, not only $_REQUEST
if ( isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] )
    || isset( $_SERVER['GLOBALS'] ) || isset( $_COOKIE['GLOBALS'] )
    || isset( $_ENV['GLOBALS'] ) ) {
    die( 'GLOBALS overwrite attempt' );
}

the original patch:
-------------------------------
Cross-site scripting by trusting potentially user-supplied input.


diff -u -p -Nr --exclude CVS 
phpmyadmin-2.6.2.orig/libraries/header_meta_style.inc.php 
phpmyadmin-2.6.2/libraries/header_meta_style.inc.php
--- phpmyadmin-2.6.2.orig/libraries/header_meta_style.inc.php	2005-03-07 
00:23:46.000000000 +0100
+++ phpmyadmin-2.6.2/libraries/header_meta_style.inc.php	2005-11-18 
07:08:56.000000000 +0100
@@ -2,6 +2,10 @@
  /* $Id: header_meta_style.inc.php,v 2.3 2005/03/06 23:23:46 nijel Exp $ */
  // vim: expandtab sw=4 ts=4 sts=4:

+if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
+    die("GLOBALS overwrite attempt");
+}
+
  /**
   * Sends the beginning of the html page then returns to the calling script
   */
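Review bot: the guard inserted at the top of header_meta_style.inc.php only tests $_REQUEST and $_FILES, so a GLOBALS key arriving through $_SERVER or $_ENV, which register_globals imports just as readily, is not caught; the grab_globals.inc.php version quoted earlier in this mail also checks $_SERVER, $_COOKIE and $_ENV, and this hunk should match it (whether $_REQUEST even contains cookies depends on the variables_order ini setting, so $_COOKIE deserves its own isset()). The patch description above speaks of cross-site scripting from trusting user-supplied input, yet the hunk escapes nothing this file emits; it closes one way of tainting the variables the header uses, so either the description should say so or the escaping of the output should be part of the change.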
diff -u -p -Nr --exclude CVS 
phpmyadmin-2.6.2.orig/libraries/header_http.inc.php 
phpmyadmin-2.6.2/libraries/header_http.inc.php
--- phpmyadmin-2.6.2.orig/libraries/header_http.inc.php	2004-04-27 
14:36:11.000000000 +0200
+++ phpmyadmin-2.6.2/libraries/header_http.inc.php	2005-11-18 
22:06:46.000000000 +0100
@@ -2,6 +2,10 @@
  /* $Id: header_http.inc.php,v 2.1 2004/04/27 12:36:11 nijel Exp $ */
  // vim: expandtab sw=4 ts=4 sts=4:

+if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
+    die("GLOBALS overwrite attempt");
+}
+
  /**
   * Sends http headers
   */
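Review bot: this is a verbatim copy of the check from the previous hunk in a second header include, and duplicating it means both copies must be kept in step (the grab_globals.inc.php version above already differs by testing three more superglobals). Move the check into one include that every entry script loads before anything else, as the later in-tree fix does, so that a script which includes neither header_http.inc.php nor header_meta_style.inc.php is still covered.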
-----------------------------


-- 
Sebastian Mendel

www.sebastianmendel.de
www.sf.net/projects/phpdatetime | www.sf.net/projects/phptimesheet
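The check quoted above from grab_globals.inc.php, generalised as an added example that is neither phpMyAdmin code nor part of this mail: one centralised function covers every input source register_globals would import, and a small CLI self-check uses constructed query strings to show what parse_str() makes of the GLOBALS[...] pattern the code comment asks about. The function names (find_globals_overwrite, request_sources, deny_globals_overwrite) and the 400 response are assumptions, not anything the project does.

```php
<?php
// Added example, not phpMyAdmin code: a single, centralised check for the
// "GLOBALS overwrite" pattern, covering every input source that
// register_globals would import, not only $_REQUEST and $_FILES.
// All function names below are hypothetical.

/**
 * Return the name of the first input source that carries a top-level
 * 'GLOBALS' key, or null when none does.
 *
 * @param array<string,array> $sources  map of source name => variables
 */
function find_globals_overwrite(array $sources): ?string
{
    foreach ($sources as $name => $vars) {
        // array_key_exists() rather than isset() so that GLOBALS= (null/empty)
        // is reported as well.
        if (is_array($vars) && array_key_exists('GLOBALS', $vars)) {
            return $name;
        }
    }
    return null;
}

/**
 * The same sources the grab_globals.inc.php check inspects, plus $_GET and
 * $_POST individually (so the check does not depend on what variables_order
 * folds into $_REQUEST). Kept in one function so that the check lives in one
 * include instead of being copied into every header file.
 */
function request_sources(): array
{
    return [
        '_GET'     => $_GET,
        '_POST'    => $_POST,
        '_COOKIE'  => $_COOKIE,
        '_REQUEST' => $_REQUEST,
        '_FILES'   => $_FILES,
        '_SERVER'  => $_SERVER,
        '_ENV'     => $_ENV,
    ];
}

/** Abort the request when any source tries to smuggle a GLOBALS key. */
function deny_globals_overwrite(): void
{
    $hit = find_globals_overwrite(request_sources());
    if ($hit !== null) {
        // No legitimate request carries a GLOBALS variable; refuse it outright
        // and name the source so the event is easy to spot in the logs.
        header('HTTP/1.1 400 Bad Request');
        die('GLOBALS overwrite attempt (' . $hit . ')');
    }
}

// --- self-check with constructed query strings (run from the CLI) -----------
if (PHP_SAPI === 'cli') {
    // constructed inputs: query string => source expected to be reported
    $cases = [
        'db=test&table=t1'                     => null,
        'GLOBALS[admin]=1'                     => '_GET',
        'GLOBALS[_REQUEST]=1&GLOBALS[admin]=1' => '_GET',
        'GLOBALS=1'                            => '_GET',
    ];
    foreach ($cases as $query => $expected) {
        // parse_str() turns "GLOBALS[admin]=1" into ['GLOBALS' => ['admin' => '1']],
        // i.e. the nested array the old register_globals bug merged into
        // $GLOBALS; the check only needs the top-level key.
        parse_str($query, $get);
        $got = find_globals_overwrite(['_GET' => $get]);
        printf("%-40s -> %-6s %s\n", $query, $got ?? 'clean',
               $got === $expected ? 'ok' : 'MISMATCH');
    }
}
```

Run with `php globals_check.php` (file name assumed) to see the four constructed cases; in a web entry script, call deny_globals_overwrite() from the one include that every page loads first, rather than repeating the isset() chain in each header file.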
