On Mon, Mar 25, 2002 at 04:54:37PM +0100, Benoît Sibaud wrote:
> I think I found a security problem in PHP3+postgres+apache shipped with
> Potato.
>
> Correct me if I'm wrong, but the following code should support any $var.
> If you uncomment the client_encoding line, I'm able to execute any
> request I want with the good $var.
>
> %<------------------------------
> $conn = pg_connect("dbname=" . BASE_DOC . " port=" . BASE_PORT
>     . " user=" . BASE_USER);
> $var="XXXXXXXXX";
> //pg_exec($conn, "SET client_encoding = 'LATIN1'");
> $requete = "SELECT col FROM tab WHERE col='" . addslashes($var) . "'";
> echo $requete;
> $query = pg_exec($conn, $requete);
> %<------------------------------

Sorry, if I'm too blind, but what can you execute using $var?
--
Pav