Date: 6 Jun 2004 06:25:34 -0000
Message-ID: <20040606062534.14334.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Squid <squidsecurity@hushmail.com>
To: bugtraq@securityfocus.com
In-Reply-To: <20040605125033.11956.qmail@www.securityfocus.com>
>
>Using eregi is NOT the problem. The problem is the usage of $_SERVER['PHP_SELF'] which can't handle URL requests which have a slash ('/') as their first character in the query_string and thinks this is part of its path. Using SCRIPT_NAME is much safer...
>
I reported that their use of eregi() WITH the NOT logical operator AGAINST $_SERVER['PHP_SELF'] is the problem, not eregi() by itself.
I agree using $_SERVER['SCRIPT_NAME'] is one way to fix it IF this element is available on the server. Since the manual says, "you may or may not find any of the following elements in $_SERVER," IMO it's safer to secure a file by checking whether a CONSTANT, which is defined in the calling script, exists in the called one.
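
The two guards discussed in this message, side by side, as an added example that is not part of the original post or of the affected project's code. The constant name APP_ENTRY, the function names and the sample paths are hypothetical, and stripos() stands in for eregi(), which was removed in PHP 7.

```php
<?php
// Added illustration; APP_ENTRY, the function names and the paths are hypothetical.

// Weak guard: the included file trusts a request-derived string.
// Approximates: if (!eregi($expected, $_SERVER['PHP_SELF'])) die('Access Denied');
// stripos() is a literal, case-insensitive substring match used in place of eregi().
function allowed_by_php_self(string $phpSelf, string $expected): bool
{
    return stripos($phpSelf, $expected) !== false;
}

// Constant guard: the included file only asks whether the legitimate
// entry script defined a marker before including it.
function allowed_by_constant(): bool
{
    return defined('APP_ENTRY');
}

// Constructed PHP_SELF values: the entry script itself, and another script
// requested with extra path text after its name (PHP_SELF carries that text).
$samples = [
    '/admin.php',
    '/modules/tool.php/admin.php',
];

function report(array $samples, string $context): void
{
    echo "== $context ==\n";
    foreach ($samples as $phpSelf) {
        printf(
            "%-30s php_self_guard=%s constant_guard=%s\n",
            $phpSelf,
            allowed_by_php_self($phpSelf, 'admin.php') ? 'pass' : 'deny',
            allowed_by_constant() ? 'pass' : 'deny'
        );
    }
}

// Included file requested directly: no entry script ran, so the constant is
// undefined. The substring guard still passes both sample values.
report($samples, 'requested directly');

// What the calling script does before include/require of the protected file.
define('APP_ENTRY', true);
report($samples, 'included by entry script');

// Guard line for the top of the included file:
// if (!defined('APP_ENTRY')) { http_response_code(403); exit('Access Denied'); }
```

The constant guard's result depends only on whether the entry script ran first, not on anything taken from the request.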