php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #16895 Bad char encoding
Submitted: 2002-04-29 03:45 UTC Modified: 2002-07-28 06:55 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: benoit dot sibaud at rd dot francetelecom dot com Assigned: yohgaki (profile)
Status: Wont fix Package: PostgreSQL related
PHP Version: 4.1.2 OS: GNU/Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: benoit dot sibaud at rd dot francetelecom dot com
New email:
PHP Version: OS:

 

 [2002-04-29 03:45 UTC] benoit dot sibaud at rd dot francetelecom dot com
Cf http://lists.debian.org/debian-security/2002/debian-security-200204/msg00328.html

A bad char encoding between PHP and PostgreSQL (don't know which is guilty here), followed by a bug in SQL queries in PostgreSQL can lead to execute any SQL request.

Sample code here:

%<----------------------------------------
   $conn = pg_connect("dbname=" . BASE_DOC . " port=" . BASE_PORT
                    . " user=" . BASE_USER);
   $var="?\'; BAD REQUEST";
   pg_exec($conn, "SET client_encoding = 'LATIN1'");
   $request = "SELECT col FROM tab WHERE col='" . addslashes($var) . "'";
%<----------------------------------------

See Debian-security archive for more details. Already tested on a Debian Woody with PHP-cgi 4.1.2 (+php4-pgsql+php4-pear).

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-06-20 20:28 UTC] yohgaki@php.net
Just a comment.
Those who are concerned about this problem, upgrade your PostgreSQL to 7.2.1 or later.

 [2002-07-28 06:55 UTC] yohgaki@php.net
Since this behavior occurs in libpq (PostgreSQL provided C programming interface), there is nothing much we can do that. 

Please update your PostgreSQL sever to 7.2.1 or later.

 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 06:01:30 2024 UTC