Security threat - globals overwrite - Mambo

counterpoint · November 21st, 2005, 06:28

The question has been raised whether the fix should also be applied to the index.php, index2.php and index3.php files in /administrator. The safe answer is yes. The admin side is less obviously vulnerable, but we cannot be sure it is safe without the fix. Patched copies of the files for Mambo 4.5.2.3 are attached. For other versions, please edit the files using the fix shown below (it is exactly the same as for the user side) either as the first executable statements, or immediately after the define of _VALID_MOS.

PHP Code:


			
$protects = array('_REQUEST', '_GET', '_POST', '_COOKIE', '_FILES', '_SERVER', '_ENV', 'GLOBALS', '_SESSION');



foreach ($protects as $protect) {

    if ( in_array($protect , array_keys($_REQUEST)) ||

         in_array($protect , array_keys($_GET)) ||

         in_array($protect , array_keys($_POST)) ||

         in_array($protect , array_keys($_COOKIE)) ||

         in_array($protect , array_keys($_FILES))) {

        die("Invalid Request.");

    }

}

counterpoint · November 21st, 2005, 06:30

Here are the fixed files.

November 21st, 2005, 06:28	#1
counterpoint Join Date: Sep 2005 Location: Yorkshire, England Posts: 1,372	Security threat - globals overwrite The question has been raised whether the fix should also be applied to the index.php, index2.php and index3.php files in /administrator. The safe answer is yes. The admin side is less obviously vulnerable, but we cannot be sure it is safe without the fix. Patched copies of the files for Mambo 4.5.2.3 are attached. For other versions, please edit the files using the fix shown below (it is exactly the same as for the user side) either as the first executable statements, or immediately after the define of _VALID_MOS. PHP Code: $protects = array('_REQUEST', '_GET', '_POST', '_COOKIE', '_FILES', '_SERVER', '_ENV', 'GLOBALS', '_SESSION'); foreach ($protects as $protect) { if ( in_array($protect , array_keys($_REQUEST)) \|\| in_array($protect , array_keys($_GET)) \|\| in_array($protect , array_keys($_POST)) \|\| in_array($protect , array_keys($_COOKIE)) \|\| in_array($protect , array_keys($_FILES))) { die("Invalid Request."); } }

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Possible security threat - globals overwrite	counterpoint	Security Announcements	1	November 21st, 2005 04:11
Turning Register Globals Off in .htaccess	brucesenator	Installation Questions	4	October 16th, 2005 02:40
Zlib Security Flaw Exposes Swath of Programs	kenmcd	Security & Performance	2	August 16th, 2005 14:12
Upgrade Security Levels PLEASE!	Adrian_A	Wishlist & Feature Requests	7	July 11th, 2005 14:00