
Security problem in PHP3+Postgres with Potato?



Hi,

I think I found a security problem in PHP3+postgres+apache shipped with
Potato.

Correct me if I'm wrong, but the following code should support any $var.
If you uncomment the client_encoding line, I'm able to execute any
request I want with the good $var.

%<------------------------------
  $conn = pg_connect("dbname=" . BASE_DOC . " port=" . BASE_PORT
                   . " user=" . BASE_USER);
  $var="XXXXXXXXX";
  //pg_exec($conn, "SET client_encoding = 'LATIN1'");
  $requete = "SELECT col FROM tab WHERE col='" . addslashes($var) . "'";
  echo $requete;
  $query = pg_exec($conn, $requete);
%<------------------------------

Tested on Debian GNU/Linux Potato i386, with
apache         1.3.9-14
php3           3.0.18-0
php3-pgsql     3.0.18-0
postgresql     6.5.3-27

What's the normal way to make a security bug report?

-- 
Benoît Sibaud
R&D Engineer - France Telecom
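
An added example, not part of the original message: a small Python audit script that flags the pattern in the snippet above, a SQL string built with addslashes() that reaches pg_exec(), and reports where client_encoding is set at runtime. The function name `audit`, the regex heuristics and the last line of the sample are assumptions made for this example; the sample has the client_encoding line uncommented, as the message describes.

```python
import re

# Constructed sample: the snippet from the message with the client_encoding
# line uncommented, plus one constant query (last line) added for contrast.
SAMPLE_PHP = r'''$conn = pg_connect("dbname=" . BASE_DOC . " port=" . BASE_PORT
                 . " user=" . BASE_USER);
$var="XXXXXXXXX";
pg_exec($conn, "SET client_encoding = 'LATIN1'");
$requete = "SELECT col FROM tab WHERE col='" . addslashes($var) . "'";
echo $requete;
$query = pg_exec($conn, $requete);
$count = pg_exec($conn, "SELECT count(*) FROM tab");
'''

ASSIGN = re.compile(r'(\$\w+)\s*\.?=\s*(.*)')          # $x = ... or $x .= ...
EXEC = re.compile(r'\bpg_(?:exec|query)\s*\(\s*[^,]+,\s*(.*)')
SQL_WORD = re.compile(r'\b(?:SELECT|INSERT|UPDATE|DELETE)\b', re.I)
ENCODING = re.compile(r'SET\s+client_encoding', re.I)


def audit(php_source):
    """Return (line_number, finding) pairs; line-based heuristic, not a PHP parser."""
    findings = []
    built = {}  # variable -> line where its SQL text was built with addslashes()
    for lineno, line in enumerate(php_source.splitlines(), 1):
        code = line.strip()
        if code.startswith(('//', '#')):
            continue  # commented-out statements are not executed
        if ENCODING.search(code):
            findings.append((lineno, 'client_encoding is set at runtime'))
        m = ASSIGN.match(code)
        if m and 'addslashes(' in m.group(2) and SQL_WORD.search(m.group(2)):
            built[m.group(1)] = lineno
            findings.append((lineno, m.group(1) + ': SQL text built with addslashes()'))
        e = EXEC.search(code)
        if e:
            if 'addslashes(' in e.group(1):
                findings.append((lineno, 'addslashes() used inline in the query argument'))
            for var, src in built.items():
                if re.search(re.escape(var) + r'\b', e.group(1)):
                    findings.append((lineno, '%s (built on line %d) reaches pg_exec/pg_query' % (var, src)))
    return findings


if __name__ == '__main__':
    for lineno, finding in audit(SAMPLE_PHP):
        print('line %d: %s' % (lineno, finding))
```

Each finding marks a query to review by hand; the heuristic works line by line and will miss SQL assembled across several statements.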

