Vigil@nce - PHP: disabling magic_quotes_gpc
February 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use an environment variable to disable
magic_quotes_gpc.
Severity: 2/4
Creation date: 13/02/2012
IMPACTED PRODUCTS
– Debian Linux
– PHP
DESCRIPTION OF THE VULNERABILITY
The magic_quotes_gpc directive automatically escapes variables
coming from requests (GET, POST, Cookies). So, if developers
forget to filter parameters in an SQL query, this feature can,
for example, block an SQL injection.
When a PHP application loads an environment variable, this feature
is disabled. However, it is not re-enabled afterwards. Variables
loaded after that point are thus not escaped, and can for example
be used for an SQL injection.
An attacker can therefore use an environment variable to disable
magic_quotes_gpc.
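Added example (not part of the Vigil@nce bulletin): a query built by concatenation is safe only while magic_quotes_gpc has escaped the input, whereas a bound parameter does not depend on that setting. It assumes the pdo_sqlite extension; the table, the function names and the input value are constructed for illustration.

```php
<?php
// Added illustration, not code from the bulletin or from PHP itself.
// Hypothetical names: users table, find_concat(), find_bound().
// Assumes the pdo_sqlite extension is available.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice')");
$db->exec("INSERT INTO users (name) VALUES ('bob')");

// Fragile: the quote characters in $name reach the SQL parser unless
// something upstream (here, magic_quotes_gpc) has escaped them first.
function find_concat(PDO $db, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Robust: the value is bound as data, so the result does not change
// whether automatic escaping is on, off, or silently disabled.
function find_bound(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT name FROM users WHERE name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request value, as the application would receive it
// once escaping is no longer applied.
$input = "x' OR '1'='1";

echo "concatenated query matched: ";
echo json_encode(find_concat($db, $input)), PHP_EOL;

echo "bound parameter matched:    ";
echo json_encode(find_bound($db, $input)), PHP_EOL;
```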
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-disabling-magic-quote-gpc-11355