
Re: [Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke v7.3 and earlier



In-Reply-To: <20040605125033.11956.qmail@xxxxxxxxxxxxxxxxxxxxx>

>
>Using eregi is NOT the problem. The problem is the usage of 
>$_SERVER['PHP_SELF'] which can't handle URL requests which have a slash ('/') 
>as their first character in the query_string and thinks this is part of its 
>path. Using SCRIPT_NAME is much safer...
>

I reported that their use of eregi() WITH the NOT logical operator AGAINST 
$_SERVER['PHP_SELF'] is the problem, not eregi() by itself.

I agree using $_SERVER['SCRIPT_NAME'] is one way to fix it IF this element is 
available on the server.  Since the manual says, "you may or may not find any 
of the following elements in $_SERVER," IMO it's safer to secure a file by 
checking whether a CONSTANT, which is defined in the calling script, exists in 
the called one.
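
The constant check suggested above, as an added example that is not part of the original post and is not PHPNuke code. The constant name NUKE_ENTRY and the temporary file standing in for a module file are assumptions made for the illustration.

```php
<?php
// Added illustration. NUKE_ENTRY is a hypothetical constant name; the
// temporary file stands in for a module file that must only be included.

// Body of the called file. Its guard does not read $_SERVER at all, so the
// result cannot depend on PHP_SELF, SCRIPT_NAME or any other element that
// may be missing or may carry request-controlled text.
$moduleSource = <<<'PHP'
<?php
if (!defined('NUKE_ENTRY')) {
    // A deployed file would send a 403 and exit here; returning a marker
    // keeps this demonstration running.
    return 'denied: not loaded through the entry script';
}
return 'module output';
PHP;

$modulePath = tempnam(sys_get_temp_dir(), 'mod');
file_put_contents($modulePath, $moduleSource);

// Case 1: the file is reached without the calling script having run,
// so the constant does not exist and the guard refuses.
$direct = include $modulePath;

// Case 2: the calling script defines the constant before including.
// Constants live only in script code; a request cannot set one.
define('NUKE_ENTRY', true);
$viaEntry = include $modulePath;

unlink($modulePath);

echo "direct:    {$direct}\n";
echo "via entry: {$viaEntry}\n";
```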