[VIM] work system e-commerce?

str0ke str0ke at milw0rm.com
Fri Nov 17 14:08:02 EST 2006


> Regarding http://www.milw0rm.com/exploits/2752 and Secunia SA22963,
>
> index.php first says:
>
>    include ("include_includes.inc");
>
> which says:
>
>    include 'include_config.php';
>
> which specifies $g_include.

index.php contains.

> include ("include_includes.inc");

include_includes.inc contains.

> include 'include_config.php';.

include_config.php contains.

> which sets the variable gl_include but later down the road you will find global_register('GET','POST');  which pretty much makes this vulnerable and overwrites the variable above.

<?
function global_register() {
	$num_args = func_num_args();
	if ($num_args > 0) {
		for ($i = 0; $i < $num_args; $i++) {
			$method = strtoupper(func_get_arg($i));
			if (($method != 'SESSION') && ($method != 'GET') && ($method !=
'POST') && ($method != 'SERVER') && ($method != 'COOKIE') && ($method
!= 'ENV')) {
				die("The \"$method\" is invalid argument, The argument of
global_register must be the following: GET, POST, SESSION, SERVER,
COOKIE, or ENV"); }
			$varname = "_{$method}";
			global ${$varname};
			foreach (${$varname} as $key => $val) {
				global ${$key}; 	
				${$key} = $val;
			}
		}
	}else{
		die('You must specify at least one argument');
	}
}
?>

/str0ke


More information about the VIM mailing list