PHP :: Bug #20205 :: register_globals=on

Bug #20205	register_globals=on > Security vulnerability?
Submitted:	2002-10-31 15:52 UTC	Modified:	2002-10-31 16:14 UTC
From:	postfach74 at yahoo dot de	Assigned:
Status:	Not a bug	Package:	PHP options/info functions
PHP Version:	4.2.3	OS:	Linux - Suse 7.2
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2002-10-31 15:52 UTC] postfach74 at yahoo dot de

Security vulnerability with register_globals=On:

write this script:

<?
echo chop(`/ $target`);
echo nl2br(`/ $target`); 
echo trim(`/ $target`); 
echo ltrim(`/ $target`);
?>


and open it in the browser like :

xx.php?target=%3Bcat+/etc/group

or

xx.php?target=%3Bls+/var/log

and so on.

If register_globals=On in the php.ini you can execute remote commands.
I`ve test this on 2 Server.

First Server:

Apache 1.2.24 and PHP 4.2.1 

'./configure' '--with-apxs=/usr/local/apache-1.3.24_01/bin/apxs' '--with-config-file-path=/usr/local/apache-1.3.24_01/conf' '--with-mysql=/usr' '--with-xml' '--with-gd=/usr/local' '--with-zlib' '--with-t1lib' '-with-pdflib=/usr/local' '--with-freetype-dir=/usr/local/lib' '--with-png-dir=/usr/local' '--with-gettext=/usr/local' '--with-mcrypt=/usr/local' '--with-jpeg-dir=/usr/local' '--with-tiff-dir=/usr/local' '--with-zlib-dir=/usr/local' '--enable-memory-limit=yes' '--enable-debug=no' '--enable-track-vars' '--enable-force-cgi-redirect' '--enable-ftp' '--enable-wddx' '--enable-gd-native-ttf'

Second Server:

Apache 1.2.27 and PHP 4.2.3
./configure' '--prefix=/usr/share' '--datadir=/usr/share/php' '--bindir=/usr/bin' '--libdir=/usr/share' '--with-config-file-path=/etc' '--with-exec-dir=/usr/lib/php/bin' '--with-mysql=/usr' '--with-gd=yes' '--enable-gd-native-ttf' '--enable-gd-imgstrttf' '--with-tiff-dir=/usr' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-xpm-dir=/usr/X11R6' '--with-ldap=yes' '--with-zlib=yes' '--with-bz2' '--with-gmp' '--with-xml' '--with-dom' '--with-ttf' '--with-t1lib' '--with-mcal=/usr' '--with-imap-ssl=yes' '--with-imap=yes' '--with-xslt-sablot=/usr' '--with-ftp' '--with-ndbm' '--with-gdbm' '--with-mcrypt' '--with-gettext' '--with-gd=yes' '--with-qtdom=/usr/lib/qt' '--enable-versioning' '--enable-yp' '--enable-bcmath' '--enable-trans-sid' '--enable-inline-optimization' '--enable-track-vars' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-shmop' '--enable-calendar' '--enable-mbstring' '--enable-exif' '--enable-ftp' '--enable-memory-limit' '--enable-wddx' '--enable-filepro' '--enable-dbase' '--enable-ctype' '--disable-debug' '--enable-force-cgi-redirect' '--enable-discard-path' '--enable-sigchild' '--with-openssl=/usr/local/ssl' '--with-snmp' '--with-apxs=/usr/sbin/apxs' 'i386-suse-linux'

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-10-31 16:14 UTC] iliaa@php.net

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

Input validation is your friend.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 27 05:01:29 2024 UTC