[cvs] commit: horde/services prefs.php

Michael M Slusarz slusarz at horde.org
Mon Apr 7 17:59:04 UTC 2008


Quoting Chuck Hagenbuch <chuck at horde.org>:

> Quoting Michael M Slusarz <slusarz at horde.org>:
>
>>   Log:
>>   sanitize url input.
>
> This still lets you cause any PHP file to be included, such as config
> files - not inherently vulnerable, but combined with some other small
> thing, quite possibly. Can you backtrack and explain why this is
> necessary?

1st - how is including/requiring a config file this way any different than what we do on every page load?  If something is visible (i.e. outside of PHP code) in config.php, it's going to be viewable on every page load.

2nd - explanation: In DIMP, it is easy to parse this URL and do a request entirely within a PHP session:
http://example.com/services/prefs.php?group=foo&app=bar

But how do you process this URL?
http://example.com/services/portal/rpcsum.php

michael

-- 
___________________________________
Michael Slusarz [slusarz at horde.org]
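An added example, not Horde's own code, of the allowlist-plus-containment check a maintainer could put in front of the `app` and `group` parameters before they select a file to include, which is the concern raised above. The installed-application list, the base directory and the per-application `config/prefs.php` path are assumptions for illustration.

```php
<?php
// Added example (not Horde code): validate request parameters before they
// are allowed to influence which PHP file gets included.

// Assumed allowlist of installed applications; in a real deployment this
// would come from the application registry, here it is constructed inline.
$installedApps = array('imp', 'dimp', 'turba', 'kronolith');

/**
 * Return the absolute path of $app's prefs file, or null when the request
 * does not name a known application whose file lives under $baseDir.
 */
function resolvePrefsFile($app, $group, array $installedApps, $baseDir)
{
    // 1. Syntactic check: identifiers only, so no '/', '.', NUL or '..'.
    $ident = '/^[A-Za-z0-9_]+$/';
    if (!is_string($app) || !preg_match($ident, $app)) {
        return null;
    }
    if (!is_string($group) || !preg_match($ident, $group)) {
        return null;
    }
    // 2. Semantic check: the name must be an installed application.
    if (!in_array($app, $installedApps, true)) {
        return null;
    }
    // 3. Containment check: the resolved file must exist and remain below
    //    $baseDir after symlinks and '..' are canonicalised by realpath().
    $base = realpath($baseDir);
    $file = realpath($baseDir . '/' . $app . '/config/prefs.php');
    if ($base === false || $file === false
        || strpos($file, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $file;
}

// Usage with the query string quoted in the message:
//   prefs.php?group=foo&app=bar
$app   = isset($_GET['app'])   ? $_GET['app']   : '';
$group = isset($_GET['group']) ? $_GET['group'] : '';
$file  = resolvePrefsFile($app, $group, $installedApps, '/var/www/horde');
if ($file === null) {
    header('HTTP/1.1 400 Bad Request');
    exit('Unknown application or preference group');
}
require $file;
```

With the allowlist in place a request for `app=bar` is rejected at step 2 rather than reaching the filesystem, so the path a caller supplies never decides which file is included.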


