Bugtraq mailing list archives
Re: A Study In Scarlet - Exploiting Common Vulnerabilities in P
From: "Forrest J Cavalier III" <forrest () mibsoftware com>
Date: Tue, 3 Jul 2001 10:25:36 -0400
Shaun Clowes writes. [snip]
6. Library Files
[snip]
When libdir/loadlanguage.php is called in the defined context of main.php it is perfectly safe. But because libdir/loadlanguage has the extension .php (it doesn't have to have that extension, include() works on any file) it can be requested and executed by a remote attacker. When out of context an attacker can set $langDir and $userLang to whatever they wish.
I find it good practice that PHP included files have ONLY function definitions, (and perhaps some assignments of global configuration variables.) The reason is that when such a file is requested directly, no actions are taken. The result is a blank document. Thank you for sharing a very nice summary paper. Forrest J. Cavalier III, Mib Software Voice 570-992-8824 http://www.rocketaware.com/ has over 30,000 links to source, libraries, functions, applications, and documentation.
Current thread:
- Re: A Study In Scarlet - Exploiting Common Vulnerabilities in P Forrest J Cavalier III (Jul 03)
- Re: A Study In Scarlet - Exploiting Common Vulnerabilities in P David Nugent (Jul 05)