
Re: Security problem in PHP3+Postgres with Potato?



On Mon, Mar 25, 2002 at 04:54:37PM +0100, Benoît Sibaud wrote:
 
> I think I found a security problem in PHP3+postgres+apache shipped with
> Potato.
> 
> Correct me if I'm wrong, but the following code should support any $var.
> If you uncomment the client_encoding line, I'm able to execute any
> request I want with the good $var.
> 
> %<------------------------------
>   $conn = pg_connect("dbname=" . BASE_DOC . " port=" . BASE_PORT
>                    . " user=" . BASE_USER);
>   $var="XXXXXXXXX";
>   //pg_exec($conn, "SET client_encoding = 'LATIN1'");
>   $requete = "SELECT col FROM tab WHERE col='" . addslashes($var) . "'";
>   echo $requete;
>   $query = pg_exec($conn, $requete);
> %<------------------------------
 
Sorry if I'm too blind, but what can you execute using $var?

-- 
Pav

