1 files changed, 45 insertions, 0 deletions
diff --git a/informationals/teso-i0015.txt b/informationals/teso-i0015.txt
new file mode 100644
index 0000000..e3ed9d9
--- /dev/null
+++ b/informationals/teso-i0015.txt
@@ -0,0 +1,45 @@
+0015 2000/02/19  Possible security weakness in implementation of PHP3 scripts
+==== TESO Informational =======================================================
+This piece of information is to be kept confidential.
+===============================================================================
+Description ..........: set values for PHP variables from URL handler
+Date .................: 2000/01/19 00:01
+Author ...............: hendy
+Publicity level ......: unknown?
+Affected .............: PHP3 scripting engine, possibly other scripting
+                        languages
+Type of entity .......: PHP(3)
+Severity/Importance ..: low
+Found by .............: hendy
+Information ===================================================================
+In PHP it is possible to supply 'external' variables via HTTP POST or GET 
+methods which is useful for html-forms or something. the weakness in this 
+implementation is that anybody can easily set values for variables.
+for example you can request
+http://teso.scene.at/index.php3?foo=bar
+within the PHP script index.php3 there will be the variable $foo with value
+bar. this should be no real problem, because usually coders initialize 
+variables in the program if they first use it. but there are some exceptions
+where (lazy?) coders often do
+while(bleh)
+{
+    $foo = $foo . $bar;
+    ...
+}
+so you could insert code into the variable $foo now. such loops are for example
+used for dynamically making mysql query code, you can insert your own code
+then, exploiting the backend database.
+there is one point which is still very difficult: whats the name of the
+variable(s) used, and for what. i dont have a solution for that, sorry. brute
+force and a bit brain is the best solution IMHO ;)
+===============================================================================

diff --git a/informationals/teso-i0015.txt b/informationals/teso-i0015.txt new file mode 100644 index 0000000..e3ed9d9 --- /dev/null +++ b/informationals/teso-i0015.txt
@@ -0,0 +1,45 @@
	1	0015 2000/02/19 Possible security weakness in implementation of PHP3 scripts
	2
	3	==== TESO Informational =======================================================
	4	This piece of information is to be kept confidential.
	5	===============================================================================
	6
	7	Description ..........: set values for PHP variables from URL handler
	8	Date .................: 2000/01/19 00:01
	9	Author ...............: hendy
	10	Publicity level ......: unknown?
	11	Affected .............: PHP3 scripting engine, possibly other scripting
	12	languages
	13	Type of entity .......: PHP(3)
	14	Severity/Importance ..: low
	15	Found by .............: hendy
	16
	17	Information ===================================================================
	18
	19	In PHP it is possible to supply 'external' variables via HTTP POST or GET
	20	methods which is useful for html-forms or something. the weakness in this
	21	implementation is that anybody can easily set values for variables.
	22	for example you can request
	23
	24	http://teso.scene.at/index.php3?foo=bar
	25
	26	within the PHP script index.php3 there will be the variable $foo with value
	27	bar. this should be no real problem, because usually coders initialize
	28	variables in the program if they first use it. but there are some exceptions
	29	where (lazy?) coders often do
	30
	31	while(bleh)
	32	{
	33	$foo = $foo . $bar;
	34	...
	35	}
	36
	37	so you could insert code into the variable $foo now. such loops are for example
	38	used for dynamically making mysql query code, you can insert your own code
	39	then, exploiting the backend database.
	40
	41	there is one point which is still very difficult: whats the name of the
	42	variable(s) used, and for what. i dont have a solution for that, sorry. brute
	43	force and a bit brain is the best solution IMHO ;)
	44
	45	===============================================================================