[cvs] commit: horde/services prefs.php
Michael M Slusarz
slusarz at horde.org
Mon Apr 7 17:59:04 UTC 2008
Quoting Chuck Hagenbuch <chuck at horde.org>:
> Quoting Michael M Slusarz <slusarz at horde.org>:
>
>> Log:
>> sanitize url input.
>
> This still lets you cause any PHP file to be included, such as config
> files - not inherently vulnerable, but combined with some other small
> thing, quite possibly. Can you backtrack and explain why this is
> necessary?
1st - how is including/requiring a config file this way any different
than what we do on every page load? If something is visible (i.e.
outside of PHP code) in config.php, it's going to be viewable on every
page load.
2nd - explanation: In DIMP, it is easy to parse this URL and do a
request entirely within a PHP session:
http://example.com/services/prefs.php?group=foo&app=bar
But how do you process this URL?
http://example.com/services/portal/rpcsum.php
michael
--
___________________________________
Michael Slusarz [slusarz at horde.org]
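As an added illustration of the point Chuck raises in the thread above (this is example code, not code from the Horde project or from either poster), the block below contrasts "sanitizing" a path-like URL parameter with validating it against an allowlist of names the application already knows. Stripping traversal characters still accepts any basename, so a page that builds an include path from the parameter can be made to include any PHP file that exists under its base directory; an allowlist only ever builds paths from registered names. The `$registered_apps` array, the function names, and the `/var/www/horde` layout are assumptions made for the example.

```php
<?php
// Added example, not Horde code. Shows why removing path characters from
// a URL parameter is weaker than checking the value against an allowlist.

// Constructed list of applications this install knows about (assumption;
// a real deployment would take this from its registry).
$registered_apps = array('imp', 'turba', 'kronolith');

// "Sanitizing" approach: drop null bytes and any directory component.
// This blocks ../ traversal, but every remaining basename is still accepted,
// so an include built from it can reach any <name>.php under the base dir.
function sanitize_app($app)
{
    $app = str_replace("\0", '', $app);
    return basename($app);
}

// Allowlist approach: the value is usable only if it is exactly one of the
// registered names; anything else is rejected before a path is built.
function validate_app($app, array $registered)
{
    return in_array($app, $registered, true) ? $app : false;
}

// Builds the prefs include path from a validated name, or returns false.
// The caller should render an error on false rather than include anything.
function prefs_include_path($app, array $registered, $base = '/var/www/horde')
{
    $name = validate_app($app, $registered);
    if ($name === false) {
        return false;
    }
    // The path now contains only a known, registry-provided name.
    return $base . '/' . $name . '/config/prefs.php';
}

// Constructed inputs, as they might arrive in the ?app= query parameter.
var_dump(sanitize_app('../conf'));                          // sanitized but still an include candidate
var_dump(prefs_include_path('../conf', $registered_apps));  // rejected by the allowlist
var_dump(prefs_include_path('conf', $registered_apps));     // rejected: not a registered app
var_dump(prefs_include_path('imp', $registered_apps));      // accepted: registered app
```

The design point is that the include target is never derived from request data directly: the request only selects among names the application already trusts, which is the distinction the thread is asking about.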