[Phpmyadmin-devel] MOPB-02-2007 deep recursion, phpMyAdmin affected?
Sebastian Mendel
lists at sebastianmendel.de
Thu Mar 1 16:01:00 CET 2007
Marc Delisle schrieb:
> Sebastian Mendel a écrit :
>> http://www.php-security.org/MOPB/MOPB-02-2007.html
>>
>> i did not fully 'understand' how we are affected, but i think we are
>> affected somehow ... especially as i come to the sentence wehre phpMyAdmin
>> is explicitely mentioned ...
>>
>>
>>
> We recursively call PMA_gpc_extract(), maybe we can do something about
> this as a workaround to this PHP problem.
>
> To better see what happens, add a print_r() like this:
>
> function PMA_gpc_extract($array, &$target, $sanitize = true)
> {
> print_r($array);
> if ( ! is_array($array) ) {
> return false;
> }
but this comes after the iteration over $GLOBALS and
PMA_arrayWalkRecursive($_GET, 'stripslashes', true);
PMA_arrayWalkRecursive($_POST, 'stripslashes', true);
PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true);
PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true);
so this is too late ... ;-)
>
> and call a modified version of the exploit
>
> curl http://127.0.0.1/phpmyadmin/ -d a`php -r 'echo str_repeat("[a]",5);'`=1
--
Sebastian Mendel
www.sebastianmendel.de
More information about the Developers
mailing list