ID: 20205 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Bogus Bug Type: PHP options/info functions Operating System: Linux - Suse 7.2 PHP Version: 4.2.3 New Comment:
Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Thank you for your interest in PHP. Input validation is your friend. Previous Comments: ------------------------------------------------------------------------ [2002-10-31 15:52:35] [EMAIL PROTECTED] Security vulnerability with register_globals=On: write this script: <? echo chop(`/ $target`); echo nl2br(`/ $target`); echo trim(`/ $target`); echo ltrim(`/ $target`); ?> and open it in the browser like : xx.php?target=%3Bcat+/etc/group or xx.php?target=%3Bls+/var/log and so on. If register_globals=On in the php.ini you can execute remote commands. I`ve test this on 2 Server. First Server: Apache 1.2.24 and PHP 4.2.1 './configure' '--with-apxs=/usr/local/apache-1.3.24_01/bin/apxs' '--with-config-file-path=/usr/local/apache-1.3.24_01/conf' '--with-mysql=/usr' '--with-xml' '--with-gd=/usr/local' '--with-zlib' '--with-t1lib' '-with-pdflib=/usr/local' '--with-freetype-dir=/usr/local/lib' '--with-png-dir=/usr/local' '--with-gettext=/usr/local' '--with-mcrypt=/usr/local' '--with-jpeg-dir=/usr/local' '--with-tiff-dir=/usr/local' '--with-zlib-dir=/usr/local' '--enable-memory-limit=yes' '--enable-debug=no' '--enable-track-vars' '--enable-force-cgi-redirect' '--enable-ftp' '--enable-wddx' '--enable-gd-native-ttf' Second Server: Apache 1.2.27 and PHP 4.2.3 ./configure' '--prefix=/usr/share' '--datadir=/usr/share/php' '--bindir=/usr/bin' '--libdir=/usr/share' '--with-config-file-path=/etc' '--with-exec-dir=/usr/lib/php/bin' '--with-mysql=/usr' '--with-gd=yes' '--enable-gd-native-ttf' '--enable-gd-imgstrttf' '--with-tiff-dir=/usr' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-xpm-dir=/usr/X11R6' '--with-ldap=yes' '--with-zlib=yes' '--with-bz2' '--with-gmp' '--with-xml' '--with-dom' '--with-ttf' '--with-t1lib' '--with-mcal=/usr' '--with-imap-ssl=yes' '--with-imap=yes' '--with-xslt-sablot=/usr' '--with-ftp' '--with-ndbm' '--with-gdbm' '--with-mcrypt' '--with-gettext' '--with-gd=yes' '--with-qtdom=/usr/lib/qt' '--enable-versioning' '--enable-yp' '--enable-bcmath' '--enable-trans-sid' '--enable-inline-optimization' '--enable-track-vars' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-shmop' '--enable-calendar' '--enable-mbstring' '--enable-exif' '--enable-ftp' '--enable-memory-limit' '--enable-wddx' '--enable-filepro' '--enable-dbase' '--enable-ctype' '--disable-debug' '--enable-force-cgi-redirect' '--enable-discard-path' '--enable-sigchild' '--with-openssl=/usr/local/ssl' '--with-snmp' '--with-apxs=/usr/sbin/apxs' 'i386-suse-linux' ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=20205&edit=1
