Newsgroups: php.internals
Message-ID: <4F3A5C9B.5060808@thelounge.net>
Date: Tue, 14 Feb 2012 14:07:39 +0100
To: internals@lists.php.net
In-Reply-To: <4F3A5B70.3020707@co3k.org>
Subject: Re: [PHP-DEV] About CVE-2012-0831 (magic_quotes_gpc remote disable vulnerability?)
From: h.reindl@thelounge.net (Reindl Harald)

On 14.02.2012 14:02, Kousuke Ebihara wrote:
> Hi,
>
> I've noticed the following CVE:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0831
>
>> PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.

who in the world has magic_quotes on and does rely on any addslashes() or magic_quotes thinking this makes any query safe against sql-injection?

without mysql_real_escape() you are completely unprotected in every case and magic_quotes was one of the worst things ever implemented