[Phpmyadmin-devel] MOPB-02-2007 deep recursion,
Sebastian Mendel
lists at sebastianmendel.de
Thu Mar 1 21:21:35 CET 2007
Marc Delisle wrote:
> Sebastian,
>
> this part of the patch:
> /**
> + * protect against deep recursion attack CVE-2006-1549,
> + * 1000 seems to be more than enough
> + *
> + * @see http://www.php-security.org/MOPB/MOPB-02-2007.html
> + * @see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1549
> + */
> +if (count($GLOBALS) > 1000) {
> + die('possible deep recurse attack');
> +}
>
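Review bot: `count($GLOBALS) > 1000` counts only the top-level entries of `$GLOBALS`, not nesting depth, so the condition does not measure what the docblock calls deep recursion. The comment should say what kind of request makes the count exceed the limit and under which PHP configuration request data can end up in `$GLOBALS` at all. The threshold is justified only as "seems to be more than enough"; a named constant with a one-line rationale would be easier to audit than the literal 1000. Where this check sits relative to the code that walks the input arrays is not visible in the hunk and is worth confirming.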
> is not reached when I test the attack of MOPB-02, it's the other part
> that protects for this attack.
>
> Do you know in which case this code would trigger? In the case of an
> attempt to override $GLOBALS?
>
It should trigger if and only if register_globals is on.