SQL-инъекция в PHPCollab
 
Обсуждение статьи SQL-инъекция в PHPCollab
 
MegaSecurityPatch from DrDios (reviewer's caveat: this is a blanket input-mangling workaround -- it rewrites quotes, `=`, `$` and `\` in every request, session and server variable into HTML entities before the application sees them; it corrupts legitimate input containing those characters and is not a substitute for escaping or parameterising the values at the SQL query site. Note also that the forum rendering decoded the entities inside the spechars() body below, so the code as displayed consists of no-op replacements and syntax errors -- the intended entities have to be restored before use):

in includes/library.php:

____FIND______

// Original (pre-patch) helper: returns variable $var from the superglobal
// selected by $type ("SERVER", "POST", "GET", "SESSION", "REQUEST" or
// "COOKIE"). The value is returned untouched, and an absent key yields null
// (with a PHP notice). The posted patch wraps these returns in spechars(),
// so the reported injection presumably reaches a query through these raw
// values -- the query site itself is not shown on this page.
function returnGlobal($var,$type)
{
// Lexicographic string comparison, not version_compare(); adequate for
// 4.x..9.x but not a real version check.
if (phpversion() >= "4.1.0")
{
if ($type == "SERVER")
{
return $_SERVER[$var];
}
if ($type == "POST")
{
return $_POST[$var];
}
if ($type == "GET")
{
return $_GET[$var];
}
if ($type == "SESSION")
{
return $_SESSION[$var];
}
if ($type == "REQUEST")
{
return $_REQUEST[$var];
}
if ($type == "COOKIE")
{
return $_COOKIE[$var];
}
// Unknown $type: falls off the end and returns null.
}
else
{
// PHP < 4.1 has no superglobals: read the name from the global symbol table.
global $$var;
return $$var;
}
}

// register_globals cheat code
// Emulates register_globals when the ini setting is off: every $_REQUEST,
// $_SESSION and $_SERVER entry becomes a global variable. Copy order matters:
// session and then server entries are written last, so a request parameter
// cannot overwrite an *existing* session variable -- but it can seed any
// global that has no session/server counterpart (e.g. a *Session variable
// when no session exists yet), which is the classic register_globals
// exposure. Request keys are not filtered either, so names such as
// "_SESSION" or "GLOBALS" are written straight into $GLOBALS.
// register_globals is a bare (undefined) constant here: PHP < 8 treats it as
// the string "register_globals" with a notice; PHP 8 throws an Error.
if (ini_get(register_globals) != "1")
{
//GET and POST VARS
// $_REQUEST also carries cookies, depending on request_order/variables_order.
while (list($key, $val) = @each($_REQUEST))
{
  $GLOBALS[$key] = $val;
}
//$HTTP_SESSION_VARS
// each() on an undefined $_SESSION (no session_start()) is silenced by @.
while (list($key, $val) = @each($_SESSION))
{
  $GLOBALS[$key] = $val;
}
//$HTTP_SERVER_VARS
while (list($key, $val) = @each($_SERVER))
{
  $GLOBALS[$key] = $val;
}
}

// Original explicit reads; each value comes back from returnGlobal() unescaped.
// As posted, the REPLACE section of the patch does not repeat these lines, so
// after patching these names would be populated only by the cheat-code loops
// above ($msg/$session/$logout then come from $_REQUEST rather than $_GET) --
// confirm that is intended before applying the patch.
$msg = returnGlobal('msg','GET');
$session = returnGlobal('session','GET');
$logout = returnGlobal('logout','GET');
// Session-side state read back from $_SESSION.
$idSession = returnGlobal('idSession','SESSION');
$dateunixSession = returnGlobal('dateunixSession','SESSION');
$loginSession = returnGlobal('loginSession','SESSION');
$profilSession = returnGlobal('profilSession','SESSION');
$logouttimeSession = returnGlobal('logouttimeSession','SESSION');

____REPLACE_____

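// Encodes the characters '"', "'", '=', '$' and '\' as HTML entities so that
// they survive as inert text in the rest of the application.
// NOTE(review): the forum rendering decoded the entities in the posted
// version, leaving no-op replacements ('"' -> '"') and two syntax errors
// (''' and '\'); the intended entities are restored here.
// This is HTML-entity encoding, not SQL escaping: it mangles legitimate input
// and does not replace mysql_real_escape_string()/prepared statements at the
// query site.
//
// $return  string, array (recursed element by element, keys preserved) or
//          null; other scalars are cast to string as str_replace() would.
// returns  the encoded value, same shape as the input.
function spechars($return)
{
    // Arrays (e.g. foo[]=1 in the request) are encoded recursively; the posted
    // str_replace() call turned nested arrays into the string "Array".
    if (is_array($return)) {
        $encoded = array();
        foreach ($return as $key => $value) {
            $encoded[$key] = spechars($value);
        }
        return $encoded;
    }

    // Replacement order matches the original; none of the entities contain a
    // character from the search list, so nothing is double-encoded.
    static $search  = array('"', "'", '=', '$', '\\');
    static $replace = array('&quot;', '&#39;', '&#61;', '&#36;', '&#92;');

    return str_replace($search, $replace, (string) $return);
}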
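// Returns variable $var from the superglobal selected by $type ("SERVER",
// "POST", "GET", "SESSION", "REQUEST" or "COOKIE"), passed through spechars().
// Returns null when $type is unknown or the variable is absent, so callers
// that test with isset()/empty() keep the semantics of the unpatched helper
// (the posted version ran spechars() on an undefined $return, producing ""
// plus a notice).
// Caveat: spechars() is HTML-entity encoding; values that reach SQL still
// need proper escaping or prepared statements at the query site.
function returnGlobal($var,$type)
{
    // String comparison kept as in the original: version_compare() itself
    // only exists from 4.1, so it cannot be used to detect older engines.
    if (phpversion() < "4.1.0") {
        // PHP < 4.1 has no superglobals: read from the global symbol table.
        // The posted patch skipped spechars() on this branch; apply it here so
        // both branches return the same encoding.
        global $$var;
        return isset($$var) ? spechars($$var) : null;
    }

    switch ($type) {
        case 'SERVER':
            $source = $_SERVER;
            break;
        case 'POST':
            $source = $_POST;
            break;
        case 'GET':
            $source = $_GET;
            break;
        case 'SESSION':
            // $_SESSION is undefined until session_start(); treat as empty.
            $source = isset($_SESSION) ? $_SESSION : array();
            break;
        case 'REQUEST':
            $source = $_REQUEST;
            break;
        case 'COOKIE':
            $source = $_COOKIE;
            break;
        default:
            return null;
    }

    if (!isset($source[$var])) {
        return null;
    }
    return spechars($source[$var]);
}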

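// register_globals cheat code
// Re-creates register_globals behaviour: every request, session and server
// entry becomes a global variable, encoded by spechars(). Copy order matters:
// $_SESSION and then $_SERVER are written last, so a request parameter cannot
// overwrite an existing session variable -- but it can still seed any global
// that has no session/server counterpart (e.g. a *Session variable when no
// session exists yet). That exposure is inherent to this approach; the
// application relies on it, so it is kept.
// The posted patch dropped the ini_get('register_globals') guard, so this
// always runs; when register_globals is on it just overwrites PHP's raw
// copies with encoded ones.
// NOTE(review): the explicit $msg/$session/$logout/...Session reads from the
// FIND block are not repeated here, so after the patch those names are
// populated only by these loops ($msg etc. from $_REQUEST, not $_GET).
// Hardening added: keys naming the superglobals/$GLOBALS themselves are
// skipped, since an attacker-supplied "?_SESSION[x]=y" would otherwise be
// written into $GLOBALS and, on PHP versions where $GLOBALS is writable
// as a whole (before 8.1), replace the real superglobal.
// foreach replaces each(), which was deprecated in 7.2 and removed in 8.0.
$reservedGlobalKeys = array(
    'GLOBALS' => true, '_SERVER' => true, '_GET' => true, '_POST' => true,
    '_FILES' => true, '_COOKIE' => true, '_SESSION' => true,
    '_REQUEST' => true, '_ENV' => true,
);

//GET and POST VARS (and cookies, via $_REQUEST)
$registerSources = array($_REQUEST);
//$HTTP_SESSION_VARS -- undefined before session_start(), hence the guard
if (isset($_SESSION)) {
    $registerSources[] = $_SESSION;
}
//$HTTP_SERVER_VARS
$registerSources[] = $_SERVER;

foreach ($registerSources as $registerSource) {
    foreach ($registerSource as $key => $val) {
        if (isset($reservedGlobalKeys[$key])) {
            continue;
        }
        $GLOBALS[$key] = spechars($val);
    }
}
unset($registerSources, $registerSource, $reservedGlobalKeys);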


____! set register_globals = 0 _____
in php.ini:
register_globals = Off
(the original line read "register_globals=0;" -- the trailing ";" is harmless because ";" starts a comment in php.ini, but "Off" is the documented form; note the directive was removed in PHP 5.4, where globals registration is always off)

or create a file .htaccess with the text (only where Apache allows php_flag in .htaccess):
php_flag register_globals off
(the original post gave "php_value register_globals 1", which would turn register_globals ON -- the opposite of the instruction above)