I am not a PHP developer but I'm assessing the security of a PHP5 application.
The author relied on extract($_POST)
and extract($_GET)
in some places, outside of functions.
My suggestion is to call extract($_POST, EXTR_PREFIX_ALL, 'form')
and change the code accordingly, but his stance is that any variable is being redefined inside subsequent includes anyway.
I can easily change the superglobals by providing, for instance, _ENV=something
inside the post values, but superglobals are arrays and I'm turning them into strings, I'm not sure it can have evil effects.
I could have a look at the several isset()
uses and go backwards from there.. but I imagine there are attacks of this kind that don't require knowledge or divination of the source.
Is there some interesting variable to be set/changed, maybe in the innards of PHP?
Thanks
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…