From: time2-media.co.nz
Date: Wed Jan 16 2002 - 21:51:15 CST


    > Then is it possible to insert php commands? I wrote in the paper it was based
    > off of theory but theory doesn't always cut the cheese. This isn't going
    > to be published until I correct the errors. Also would tcl, python, xml, other
    > have this same issue?

    [Quoting from the paper]
    >Referer: passthru("ls /tmp");
    >User-Agent: system("/bin/id");

    I don't believe this is likely. These code fragments are going to reach PHP as
    strings - unless the PHP log analysis script actually eval's the referer,
    there's no danger. There's no reason I can think of to do that.

    If that passthru is being executed at any point, then when any normal referer
    field hits the execution PHP is going to spit lotsa errors.

    The only vulnerability I can see here is if someone was to assume that the
    referer field was always a URL, and for example used fopen() to retrieve it.
    Unlikely, though.
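
What the reply describes, as an added example that is not part of the original message: a PHP log tally that handles the Referer field as a plain string, and checks that it is an http(s) URL before any code would hand it to fopen(). The function names and the log lines are constructed for illustration.

```php
<?php
// Added illustration; function names and sample data are assumptions.

// Constructed lines in Apache "combined" format (a quote inside a field is logged as \").
$lines = [
    '192.0.2.10 - - [16/Jan/2002:21:40:01 +1300] "GET / HTTP/1.0" 200 512 "http://example.com/links.html" "Mozilla/4.0"',
    '192.0.2.11 - - [16/Jan/2002:21:41:17 +1300] "GET / HTTP/1.0" 200 512 "passthru(\"ls /tmp\");" "system(\"/bin/id\");"',
    '192.0.2.12 - - [16/Jan/2002:21:42:30 +1300] "GET / HTTP/1.0" 200 512 "/etc/passwd" "Mozilla/4.0"',
];

// One quoted log field: a run of non-quote characters or backslash escapes.
const QUOTED   = '"((?:[^"\\\\]|\\\\.)*)"';
const COMBINED = '/^\S+ \S+ \S+ \[[^\]]+\] ' . QUOTED . ' \d{3} \S+ ' . QUOTED . ' ' . QUOTED . '$/';

// Split one log line into its client-controlled fields, or return null if it does not parse.
function parse_line(string $line): ?array {
    if (!preg_match(COMBINED, $line, $m)) {
        return null; // not combined format: skip it rather than guess
    }
    return ['referer' => $m[2], 'agent' => $m[3]];
}

// The fopen() case from the reply: only a well-formed http(s) URL with a host
// is something a script should ever try to retrieve.
function referer_is_fetchable(string $referer): bool {
    $parts = parse_url($referer);
    if (!is_array($parts)) {
        return false;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    return in_array($scheme, ['http', 'https'], true) && !empty($parts['host']);
}

$counts = [];
foreach ($lines as $line) {
    $fields = parse_line($line);
    if ($fields === null) {
        continue;
    }
    $ref = $fields['referer'];
    // The field is used as an array key and printed: it stays data and is never passed to eval().
    $counts[$ref] = ($counts[$ref] ?? 0) + 1;
    printf("%-32s seen=%d fetchable=%s\n", $ref, $counts[$ref], referer_is_fetchable($ref) ? 'yes' : 'no');
}
```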