Bugtraq mailing list archives
Re: PHP parse_str() arbitrary variable overwrite
From: "Steven M. Christey" <coley () mitre org>
Date: Tue, 12 Jun 2007 19:53:37 -0400 (EDT)
Nice find, although it's not really clear to me whether this is intended functionality or not. I assume it's not intended by Hardened-PHP and Suhosin, at least :)

You didn't mention this, but even if register_globals is disabled, this seems to work, at least in my PHP 4.4.4. Try the code below with:

  ?var=new  --> generates an error (display_errors=1) that var2 is undefined
  ?var2=new --> prints "var2 = new"

  <?php
  $var = 'init';
  parse_str($_SERVER['QUERY_STRING']);   # one-argument form: writes into the current scope
  print "var = $var<p>\n";               # new
  print "var2 = $var2<p>\n";             # new
  ?>

- Steve
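An added example, not code from Steve's post or from the PHP project, that puts the one-argument parse_str() pattern next to the form that takes a result array, so the overwrite and its mitigation can be compared on the same input. The query string is constructed inline rather than read from $_SERVER so the script runs from the CLI; the one-argument form is deprecated since PHP 7.2 and removed in PHP 8.0, so unsafe_parse() only executes on PHP 7.

```php
<?php
// Added example. Constructed, attacker-controlled query string: it tries to
// clobber two variables the script already set and to create a third one.
$query = 'var=new&var2=new&admin=1';

// Unsafe: one-argument parse_str() writes every key of the query string
// straight into the current scope, exactly like register_globals would,
// regardless of whether register_globals is on.
function unsafe_parse(string $query): array
{
    $var   = 'init';
    $admin = 0;
    parse_str($query);                 // $var, $admin, $var2 now come from the query
    return ['var' => $var, 'admin' => $admin, 'var2' => $var2 ?? null];
}

// Safe: pass a result array. Parsed pairs land in $params only; the code
// then copies out the keys it actually expects, with explicit defaults,
// and local variables such as $admin cannot be reached from the query.
function safe_parse(string $query): array
{
    $var   = 'init';
    $admin = 0;
    parse_str($query, $params);        // mandatory second argument in PHP 8
    $var2 = isset($params['var2']) ? (string) $params['var2'] : null;
    return ['var' => $var, 'admin' => $admin, 'var2' => $var2];
}

if (PHP_VERSION_ID < 80000) {
    var_dump(unsafe_parse($query));    // var => "new", admin => "1", var2 => "new"
} else {
    echo "one-argument parse_str() no longer exists in PHP 8\n";
}
var_dump(safe_parse($query));          // var => "init", admin => 0, var2 => "new"
```

Grepping a code base for parse_str( calls with a single argument is a quick way to find the pattern Steve describes.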
Current thread:
- PHP parse_str() arbitrary variable overwrite gmdarkfig (Jun 12)
- <Possible follow-ups>
- Re: PHP parse_str() arbitrary variable overwrite admin (Jun 12)
- Re: PHP parse_str() arbitrary variable overwrite Steven M. Christey (Jun 13)
- Re: PHP parse_str() arbitrary variable overwrite Chuck Swiger (Jun 13)
- Re: Re: PHP parse_str() arbitrary variable overwrite gmdarkfig (Jun 13)