Bugtraq: Re: [Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke v7.3 and earlier

From: Squid <squidsecurity_at_hushmail.com>
Date: 6 Jun 2004 06:25:34 -0000
In-Reply-To: <20040605125033.11956.qmail_at_www.securityfocus.com>

>
>Using eregi is NOT the problem. The problem is the usage of $_SERVER['PHP_SELF'] which can't handle URL requests which have a slash ('/') as their first character in the query_string and thinks this is part of its path. Using SCRIPT_NAME is much safer...
>

I reported that their use of eregi() WITH the NOT logical operator AGAINST $_SERVER['PHP_SELF'] is the problem, not eregi() by itself.

I agree using $_SERVER['SCRIPT_NAME'] is one way to fix it IF this element is available on the server. Since the manual says, "you may or may not find any of the following elements in $_SERVER," IMO it's safer to secure a file by checking whether a CONSTANT, which is defined in the calling script, exists in the called one.
Received on Jun 07 2004
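
The three direct-access guards discussed in this thread, side by side, as an added example that is not part of the original post or PHPNuke's own code. The names index.php, news.php and APP_ENTRY are hypothetical, the $_SERVER arrays are constructed samples, and preg_match() with the i flag stands in for eregi(), which later PHP versions removed.

```php
<?php
// Added illustration. index.php, news.php and APP_ENTRY are hypothetical names;
// the $_SERVER arrays below are constructed samples, not captured requests.

// Guard A: match the entry script name against PHP_SELF (preg_match with the
// i flag stands in for eregi()). PHP_SELF includes trailing path info, so the
// requester influences what this test sees.
function allowed_by_php_self(array $server, string $entry): bool {
    $pattern = '/' . preg_quote($entry, '/') . '/i';
    return preg_match($pattern, $server['PHP_SELF'] ?? '') === 1;
}

// Guard B: compare SCRIPT_NAME, which carries no trailing path info.
// Fails closed when the server does not provide the element.
function allowed_by_script_name(array $server, string $entry): bool {
    return isset($server['SCRIPT_NAME'])
        && basename($server['SCRIPT_NAME']) === $entry;
}

// Guard C: a constant that only the calling script defines.
// It does not depend on any request-derived value.
function allowed_by_constant(string $name): bool {
    return defined($name);
}

function report(string $label, array $server): void {
    printf("%-34s PHP_SELF=%-5s SCRIPT_NAME=%-5s CONSTANT=%s\n", $label,
        var_export(allowed_by_php_self($server, 'index.php'), true),
        var_export(allowed_by_script_name($server, 'index.php'), true),
        var_export(allowed_by_constant('APP_ENTRY'), true));
}

// Direct requests to the included file: APP_ENTRY has not been defined.
report('direct, trailing path info', [
    'PHP_SELF'    => '/modules/news.php/index.php',
    'SCRIPT_NAME' => '/modules/news.php',
]);
report('direct, SCRIPT_NAME not provided', [
    'PHP_SELF' => '/modules/news.php',
]);

// Request through the entry script, which defines the constant before include.
define('APP_ENTRY', true);
report('via index.php', [
    'PHP_SELF'    => '/index.php',
    'SCRIPT_NAME' => '/index.php',
]);
```

Only the PHP_SELF guard admits the first direct request; the SCRIPT_NAME and constant guards reject both direct requests and admit the one that comes through index.php.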