[21331] in bugtraq
Re: A Study In Scarlet - Exploiting Common Vulnerabilities in P
daemon@ATHENA.MIT.EDU (Forrest J Cavalier III)
Tue Jul 3 16:33:55 2001
Message-Id: <200107031429.f63ET1T07931@bean.epix.net>
From: "Forrest J Cavalier III" <forrest@mibsoftware.com>
To: bugtraq@securityfocus.com
Date: Tue, 3 Jul 2001 10:25:36 -0400
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Reply-To: forrest@mibsoftware.com
Cc: forrest@mibsoftware.com
Shaun Clowes writes:
[snip]
> 6. Library Files
[snip]
> When libdir/loadlanguage.php is called in the defined context of main.php it is
> perfectly safe. But because libdir/loadlanguage has the extension .php (it
> doesn't have to have that extension, include() works on any file) it can be
> requested and executed by a remote attacker. When out of context an attacker
> can set $langDir and $userLang to whatever they wish.
>
I find it good practice that PHP included files have ONLY
function definitions (and perhaps some assignments of
global configuration variables).

The reason is that when such a file is requested directly,
no actions are taken. The result is a blank document.

Thank you for sharing a very nice summary paper.

Forrest J. Cavalier III, Mib Software Voice 570-992-8824
http://www.rocketaware.com/ has over 30,000 links to
source, libraries, functions, applications, and documentation.
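
The practice described in the reply above, sketched as an added example that is not part of the original post or of the paper it quotes. The contents of libdir/loadlanguage.php are not shown in this thread, so the function name load_language(), the "lang" directory, the language codes and the main.php usage are all assumptions, and the code assumes PHP 7 or later.

```php
<?php
// libdir/loadlanguage.php (constructed example, not the file from the paper).
// The file contains only a function definition, so requesting it directly
// executes nothing and the response is a blank document.

/**
 * Load the message catalogue for $userLang from $langDir.
 * Both values arrive as arguments from the including script; the file never
 * reads them from global scope, where an out-of-context request could set them.
 */
function load_language(string $langDir, string $userLang, array $allowed): array
{
    if ($allowed === []) {
        throw new InvalidArgumentException('no languages configured');
    }

    // Allow-list check: accept only language codes the application ships with,
    // and fall back to the first (default) entry otherwise.
    if (!in_array($userLang, $allowed, true)) {
        $userLang = $allowed[0];
    }

    // Resolve both paths and confirm the file stays inside the language directory.
    $base = realpath($langDir);
    $file = realpath($langDir . DIRECTORY_SEPARATOR . $userLang . '.php');
    if ($base === false || $file === false) {
        throw new RuntimeException('language file not found');
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($file, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('language file outside language directory');
    }

    // Assumption: each language file does "return [ 'key' => 'text', ... ];".
    $messages = include $file;
    return is_array($messages) ? $messages : [];
}

// Usage from main.php (hypothetical caller):
//   require __DIR__ . '/libdir/loadlanguage.php';
//   $lang     = $_GET['lang'] ?? 'en';
//   $messages = load_language(__DIR__ . '/lang', $lang, ['en', 'fr', 'de']);
```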