[VIM] work system e-commerce?
str0ke
str0ke at milw0rm.com
Fri Nov 17 14:08:02 EST 2006
> Regarding http://www.milw0rm.com/exploits/2752 and Secunia SA22963,
>
> index.php first says:
>
> include ("include_includes.inc");
>
> which says:
>
> include 'include_config.php';
>
> which specifies $g_include.
index.php contains:
> include ("include_includes.inc");
include_includes.inc contains:
> include 'include_config.php';
include_config.php contains:
> which sets the variable gl_include but later down the road you will find global_register('GET','POST'); which pretty much makes this vulnerable and overwrites the variable above.
<?php
// Emulates PHP's register_globals: copies every entry of the named
// superglobals ($_GET, $_POST, ...) into the global scope, overwriting
// any variable of the same name that was set earlier (e.g. $gl_include
// from include_config.php).
function global_register() {
    $num_args = func_num_args();
    if ($num_args > 0) {
        for ($i = 0; $i < $num_args; $i++) {
            $method = strtoupper(func_get_arg($i));
            if (($method != 'SESSION') && ($method != 'GET') && ($method != 'POST')
                && ($method != 'SERVER') && ($method != 'COOKIE') && ($method != 'ENV')) {
                die("The \"$method\" is invalid argument, The argument of global_register must be the following: GET, POST, SESSION, SERVER, COOKIE, or ENV");
            }
            $varname = "_{$method}";
            global ${$varname};
            // Every request key becomes a global variable, clobbering whatever
            // value that variable already held.
            foreach (${$varname} as $key => $val) {
                global ${$key};
                ${$key} = $val;
            }
        }
    } else {
        die('You must specify at least one argument');
    }
}
?>
/str0ke
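Added example, not code from the original post or from the vendor's application: a hardened replacement for the global_register() function quoted above. It assumes the application is changed to call a new function (register_request_vars, a hypothetical name) that imports only an explicit allowlist of request keys and never overwrites a global that already exists, so a value set in include_config.php such as $gl_include cannot be replaced by a request parameter. The configuration path and request arrays in the demonstration are constructed values.

```php
<?php
// Added example (not from the original post or the vendor's code): a
// hardened replacement for global_register() that cannot clobber
// configuration variables such as $gl_include.
//
// Two defences, both assumptions about how the application would be fixed:
//   1. only an explicit allowlist of request keys is ever imported, and
//   2. a key that already exists as a global (e.g. set by include_config.php)
//      is never overwritten (the same effect as extract(..., EXTR_SKIP)).
function register_request_vars(array $allowed, string ...$methods): array
{
    $sources = [
        'GET'    => $_GET,
        'POST'   => $_POST,
        'COOKIE' => $_COOKIE,
    ];
    $imported = [];
    foreach ($methods as $method) {
        $method = strtoupper($method);
        if (!isset($sources[$method])) {
            throw new InvalidArgumentException("unsupported source: $method");
        }
        foreach ($sources[$method] as $key => $val) {
            if (!in_array($key, $allowed, true)) {
                continue;   // not on the allowlist: ignored
            }
            if (array_key_exists($key, $GLOBALS)) {
                continue;   // never overwrite an existing global
            }
            $GLOBALS[$key] = $val;
            $imported[] = $key;
        }
    }
    return $imported;
}

// --- constructed demonstration ------------------------------------------
$gl_include = '/var/www/app/includes';   // stands in for include_config.php
$_GET  = ['gl_include' => 'http://example.invalid/', 'page' => 'cart'];
$_POST = [];

$imported = register_request_vars(['page', 'sort'], 'GET', 'POST');

var_dump($gl_include === '/var/www/app/includes'); // bool(true): config value survived
var_dump($imported);                               // array with the single entry "page"
```

The allowlist is the real fix; the existing-global check is a second layer so that a key added to the allowlist later still cannot collide with configuration. The original global_register() would have replaced $gl_include with the request value on the first call.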