|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <002601c05b0e$e21b8ce0$0400a8c0@corbusier.org> Date: Thu, 30 Nov 2000 20:48:22 -0000 Reply-To: =?iso-8859-1?Q?Jo=E3o_Gouveia?= <cercthar@TELEWEB.PT> From: =?iso-8859-1?Q?Jo=E3o_Gouveia?= <cercthar@TELEWEB.PT> To: BUGTRAQ@SECURITYFOCUS.COM Hi, ----- Original Message ----- From: "Shaun Clowes" <shaun@securereality.com.au> To: <BUGTRAQ@SECURITYFOCUS.COM> Sent: Thursday, November 30, 2000 8:25 AM Subject: Re: Security problems with TWIG webmail system (snip) > If I provide the exploit input via POST, or COOKIE I will achieve the same effect, > simply checking GET is not enough. I would suggest my initial workaround was > more suitable since it prevents ANY configuration information being provided > by remote input, however the above suggestion could easily be extended like > so: > > if( $vhosts[$SERVER_NAME] && > !isset($HTTP_GET_VARS[vhosts]) && > !isset($HTTP_POST_VARS[vhosts]) && > !isset($HTTP_COOKIE_VARS[vhosts])) That's not an option. Try this example script: <quote> <? echo "$HTTP_POST_VARS<br> $HTTP_GET_VARS<br> $HTTP_COOKIE_VARS"; ?> </quote> And call it like this: script.php?HTTP_GET_VARS=test&HTTP_POST_VARS=test&HTTP_COOKIE_VARS=test Or better yet: script.php?HTTP_GET_VARS=&HTTP_POST_VARS=&HTTP_COOKIE_VARS= Best regards, Joao Gouveia aka Tharbad.
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |