[Phpmyadmin-devel] MOPB-02-2007 deep recursion, phpMyAdmin affected?

Marc Delisle Marc.Delisle at cegepsherbrooke.qc.ca
Thu Mar 1 15:50:23 CET 2007


Sebastian Mendel wrote:
> http://www.php-security.org/MOPB/MOPB-02-2007.html
> 
> I did not fully 'understand' how we are affected, but I think we are 
> affected somehow ... especially as I come to the sentence where phpMyAdmin 
> is explicitly mentioned ...
> 
> 
> 
We recursively call PMA_gpc_extract(), maybe we can do something about 
this as a workaround to this PHP problem.

To better see what happens, add a print_r() like this:

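function PMA_gpc_extract($array, &$target, $sanitize = true)
{
    // debugging aid: dump the array received at each level of recursion
    print_r($array);
    if ( ! is_array($array) ) {
        return false;
    }
    // ... remainder of the function unchanged
}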

and call a modified version of the exploit

curl http://127.0.0.1/phpmyadmin/ -d a`php -r 'echo str_repeat("[a]",5);'`=1
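
One possible shape for the workaround mentioned above, as an added example that is not part of the original message and is not phpMyAdmin's code: an iterative nesting-depth check plus a recursive copy that refuses to descend past a limit. The names gpc_depth_exceeds, bounded_gpc_extract and MAX_GPC_DEPTH, and the limit of 10, are assumptions made for illustration.

```php
<?php
// Added example, not phpMyAdmin code; all names here are hypothetical.
const MAX_GPC_DEPTH = 10; // assumed limit, tune to the application's forms

// Iterative depth check with an explicit stack, so the check itself
// cannot exhaust the call stack. Returns true once $limit is exceeded.
function gpc_depth_exceeds(array $input, int $limit): bool
{
    $stack = [[$input, 1]];
    while ($stack) {
        [$node, $depth] = array_pop($stack);
        if ($depth > $limit) {
            return true;
        }
        foreach ($node as $value) {
            if (is_array($value)) {
                $stack[] = [$value, $depth + 1];
            }
        }
    }
    return false;
}

// Recursive copy with a depth guard: refuses to descend past MAX_GPC_DEPTH.
function bounded_gpc_extract($array, array &$target, int $depth = 1): bool
{
    if (!is_array($array) || $depth > MAX_GPC_DEPTH) {
        return false;
    }
    foreach ($array as $key => $value) {
        if (is_array($value)) {
            $target[$key] = [];
            if (!bounded_gpc_extract($value, $target[$key], $depth + 1)) {
                return false;
            }
        } else {
            $target[$key] = $value;
        }
    }
    return true;
}

// Constructed input: the array PHP builds for a[a][a][a][a][a]=1
$sample = ['a' => ['a' => ['a' => ['a' => ['a' => ['a' => '1']]]]]];
$out = [];
var_dump(gpc_depth_exceeds($sample, MAX_GPC_DEPTH));
var_dump(bounded_gpc_extract($sample, $out));
var_dump(gpc_depth_exceeds($sample, 3));
```

A guard like this only bounds recursion inside the script; PHP has already built the nested array from the request before the script starts.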



