[Phpmyadmin-devel] MOPB-02-2007 deep recursion, phpMyAdmin affected?

Marc Delisle Marc.Delisle at cegepsherbrooke.qc.ca
Thu Mar 1 15:50:23 CET 2007

Sebastian Mendel a écrit :
> http://www.php-security.org/MOPB/MOPB-02-2007.html
> i did not fully 'understand' how we are affected, but i think we are 
> affected somehow ... especially as i come to the sentence wehre phpMyAdmin 
> is explicitely mentioned ...
We recursively call PMA_gpc_extract(), maybe we can do something about 
this as a workaround to this PHP problem.

To better see what happens, add a print_r() like this:

function PMA_gpc_extract($array, &$target, $sanitize = true)
     if ( ! is_array($array) ) {
         return false;

and call a modified version of the exploit

curl -d a`php -r 'echo str_repeat("[a]",5);'`=1

More information about the Developers mailing list