[VIM] work system e-commerce?
Stuart Moore
smoore at securityglobal.net
Fri Nov 17 16:27:29 EST 2006
You are right -- I didn't look far enough for that nasty function.
Confirmed through testing, also.
Stuart
str0ke wrote:
>> Regarding http://www.milw0rm.com/exploits/2752 and Secunia SA22963,
>>
>> index.php first says:
>>
>> include ("include_includes.inc");
>>
>> which says:
>>
>> include 'include_config.php';
>>
>> which specifies $g_include.
>
> index.php contains.
>
>> include ("include_includes.inc");
>
> include_includes.inc contains.
>
>> include 'include_config.php';.
>
> include_config.php contains.
>
>> which sets the variable gl_include but later down the road you will
>> find global_register('GET','POST'); which pretty much makes this
>> vulnerable and overwrites the variable above.
>
> <?
> function global_register() {
>     $num_args = func_num_args();
>     if ($num_args > 0) {
>         for ($i = 0; $i < $num_args; $i++) {
>             $method = strtoupper(func_get_arg($i));
>             if (($method != 'SESSION') && ($method != 'GET') && ($method != 'POST') &&
>                 ($method != 'SERVER') && ($method != 'COOKIE') && ($method != 'ENV')) {
>                 die("The \"$method\" is invalid argument, The argument of global_register must be the following: GET, POST, SESSION, SERVER, COOKIE, or ENV");
>             }
>             $varname = "_{$method}";
>             global ${$varname};
>             foreach (${$varname} as $key => $val) {
>                 global ${$key};
>                 ${$key} = $val;
>             }
>         }
>     } else {
>         die('You must specify at least one argument');
>     }
> }
> ?>
>
> /str0ke
>
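The variable clobbering str0ke describes, shown as a PHP illustration added here (not the application's own code; the sample request, the config value and the `import_request_params` helper are constructed for this example):

```php
<?php
// Added example, not the e-commerce package's own code. Shows the overwrite
// that global_register('GET','POST') causes and a safer way to import
// request parameters. All names and values below are constructed.

// Stand-in for what include_config.php sets: the trusted include directory.
$gl_include = '/var/www/app/includes/';

// Constructed request: one parameter named after the config variable and
// one parameter the page genuinely expects.
$_GET = ['gl_include' => 'not-the-configured-path', 'page' => 'home'];

// Reduced form of the quoted global_register() loop: every request key
// becomes a global, silently replacing whatever the config already set.
function global_register_unsafe(string $method): void {
    foreach ($GLOBALS["_{$method}"] as $key => $val) {
        $GLOBALS[$key] = $val;
    }
}

// Hardened replacement: only parameter names the page has declared are
// imported, and a global that already exists is never overwritten by
// request data. Returns the names actually imported.
function import_request_params(array $allowed, string ...$methods): array {
    $imported = [];
    foreach ($methods as $method) {
        foreach ($GLOBALS['_' . strtoupper($method)] ?? [] as $key => $val) {
            if (!in_array($key, $allowed, true)) {
                continue;              // undeclared parameter: ignore it
            }
            if (array_key_exists($key, $GLOBALS)) {
                continue;              // config/state wins over request input
            }
            $GLOBALS[$key] = $val;
            $imported[] = $key;
        }
    }
    return $imported;
}

$saved = $gl_include;
global_register_unsafe('GET');
echo "after global_register: gl_include = {$gl_include}\n";

$gl_include = $saved;
unset($page);
$imported = import_request_params(['page'], 'GET', 'POST');
echo "after allowlist import: gl_include = {$gl_include}; imported: "
    . implode(',', $imported) . "\n";
```

Run with the PHP CLI; the first line shows the configured path replaced by the request value, the second shows it intact with only `page` imported.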