Bug #20205 register_globals=on > Security vulnerability?
Submitted: 2002-10-31 15:52 UTC Modified: 2002-10-31 16:14 UTC
From: postfach74 at yahoo dot de Assigned:
Status: Not a bug Package: PHP options/info functions
PHP Version: 4.2.3 OS: Linux - Suse 7.2
Private report: No CVE-ID: None
 [2002-10-31 15:52 UTC] postfach74 at yahoo dot de
Security vulnerability with register_globals=On:

write this script:

<?
echo chop(`/ $target`);
echo nl2br(`/ $target`); 
echo trim(`/ $target`); 
echo ltrim(`/ $target`);
?>


and open it in the browser like :

xx.php?target=%3Bcat+/etc/group

or

xx.php?target=%3Bls+/var/log

and so on.

If register_globals=On in the php.ini you can execute remote commands.
I've tested this on 2 servers.

First Server:

Apache 1.2.24 and PHP 4.2.1 

'./configure' '--with-apxs=/usr/local/apache-1.3.24_01/bin/apxs' '--with-config-file-path=/usr/local/apache-1.3.24_01/conf' '--with-mysql=/usr' '--with-xml' '--with-gd=/usr/local' '--with-zlib' '--with-t1lib' '-with-pdflib=/usr/local' '--with-freetype-dir=/usr/local/lib' '--with-png-dir=/usr/local' '--with-gettext=/usr/local' '--with-mcrypt=/usr/local' '--with-jpeg-dir=/usr/local' '--with-tiff-dir=/usr/local' '--with-zlib-dir=/usr/local' '--enable-memory-limit=yes' '--enable-debug=no' '--enable-track-vars' '--enable-force-cgi-redirect' '--enable-ftp' '--enable-wddx' '--enable-gd-native-ttf'

Second Server:

Apache 1.2.27 and PHP 4.2.3
./configure' '--prefix=/usr/share' '--datadir=/usr/share/php' '--bindir=/usr/bin' '--libdir=/usr/share' '--with-config-file-path=/etc' '--with-exec-dir=/usr/lib/php/bin' '--with-mysql=/usr' '--with-gd=yes' '--enable-gd-native-ttf' '--enable-gd-imgstrttf' '--with-tiff-dir=/usr' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-xpm-dir=/usr/X11R6' '--with-ldap=yes' '--with-zlib=yes' '--with-bz2' '--with-gmp' '--with-xml' '--with-dom' '--with-ttf' '--with-t1lib' '--with-mcal=/usr' '--with-imap-ssl=yes' '--with-imap=yes' '--with-xslt-sablot=/usr' '--with-ftp' '--with-ndbm' '--with-gdbm' '--with-mcrypt' '--with-gettext' '--with-gd=yes' '--with-qtdom=/usr/lib/qt' '--enable-versioning' '--enable-yp' '--enable-bcmath' '--enable-trans-sid' '--enable-inline-optimization' '--enable-track-vars' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-shmop' '--enable-calendar' '--enable-mbstring' '--enable-exif' '--enable-ftp' '--enable-memory-limit' '--enable-wddx' '--enable-filepro' '--enable-dbase' '--enable-ctype' '--disable-debug' '--enable-force-cgi-redirect' '--enable-discard-path' '--enable-sigchild' '--with-openssl=/usr/local/ssl' '--with-snmp' '--with-apxs=/usr/sbin/apxs' 'i386-suse-linux'
 

 [2002-10-31 16:14 UTC] iliaa@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

Input validation is your friend.
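
The following is an added example, not code from the report or from the PHP project. It shows the input validation the reply refers to, applied to the reported script: the parameter is checked against an allowlist and quoted with escapeshellarg() before it reaches the shell. The function names, the hostname-style allowlist and the use of `echo` as a stand-in command are assumptions made for illustration.

```php
<?php
// Added example. Assumption: the script was meant to pass one hostname-like
// token to a command; `echo` stands in for that command so this runs offline.

/** Return the value if it passes the allowlist, otherwise null. */
function validate_target($raw): ?string
{
    // target[]=x in the query string yields an array; accept strings only.
    if (!is_string($raw)) {
        return null;
    }
    // Letters, digits, dot and hyphen only, at most 253 characters.
    // The first character must be alphanumeric, so the value can never
    // start with "-" and be parsed as an option by the command.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9.-]{0,252}\z/', $raw)) {
        return null;
    }
    return $raw;
}

/** Build the command line with the argument quoted for the shell. */
function build_command(string $target): string
{
    // escapeshellarg() wraps the value in single quotes, so ; | & $ and
    // backticks are passed as data and not interpreted by the shell.
    return 'echo ' . escapeshellarg($target);
}

function run_lookup($raw): string
{
    $target = validate_target($raw);
    if ($target === null) {
        return "rejected\n";
    }
    return (string) shell_exec(build_command($target));
}

// In a web request, read the value explicitly: $_GET['target'] ?? null
// (never rely on register_globals to create $target).
// Constructed samples; the 2nd and 3rd are the URL-decoded values from the report.
$samples = ['example.org', ';cat /etc/group', ';ls /var/log', ['x']];
foreach ($samples as $raw) {
    printf("%-20s => %s", json_encode($raw, JSON_UNESCAPED_SLASHES), run_lookup($raw));
}
```

Run from the command line, only `example.org` reaches the shell; the two values from the report and the array input are rejected before any command is built.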
 
Last updated: Thu Dec 26 23:01:28 2024 UTC