Re: [PHP-DEV] PHP 4.0 Bug #8795: Recieved POST-form-data is unexpectedly escaped with backslashes

2001-01-21 Thread Toby Butzon

I may have forgotten to post my apology to the list.

Someone already pointed out to me that sending this to the list was stupid,
and I sincerely apologize. There's no excuse for what I did and I
understand; I'll be more careful.

Regards,

--Toby

- Original Message -
From: "Jason Greene" <[EMAIL PROTECTED]>
To: "Ignacio Vazquez-Abrams" <[EMAIL PROTECTED]>; "Toby Butzon"
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, January 19, 2001 12:27 PM
Subject: Re: [PHP-DEV] PHP 4.0 Bug #8795: Recieved POST-form-data is
unexpectedly escaped with backslashes


> From a hostile standpoint, a sendmail server allowing VRFY is considered bad,
> let alone giving the hacker detailed uid/gid structure of your system.
>
> Jason
> - Original Message -
> From: "Ignacio Vazquez-Abrams" <[EMAIL PROTECTED]>
> To: "Toby Butzon" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, January 19, 2001 9:02 AM
> Subject: Re: [PHP-DEV] PHP 4.0 Bug #8795: Recieved POST-form-data is
> unexpectedly escaped with backslashes
>
>
> > On Thu, 18 Jan 2001, Toby Butzon wrote:
> >
> > > As a side note, check this link out ;)
> > > http://[removed]?file=/etc/passwd
> > >
> > > --Toby
> > >
> >
> > Oh come on. Exposing this file even with shadow passwords in place is still a
> > HUGE risk, because now your userids are exposed and your system is vulnerable
> > to a brute-force attack. Never, EVER, do something as silly as this,
> > especially in a public forum.
> >
> > --
> > Ignacio Vazquez-Abrams  <[EMAIL PROTECTED]>
> >
> >


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP-DEV] PHP 4.0 Bug #8795: Recieved POST-form-data is unexpectedly escaped with backslashes

2001-01-19 Thread Jason Greene

From a hostile standpoint, a sendmail server allowing VRFY is considered bad,
let alone giving the hacker detailed uid/gid structure of your system.

Jason
- Original Message -
From: "Ignacio Vazquez-Abrams" <[EMAIL PROTECTED]>
To: "Toby Butzon" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, January 19, 2001 9:02 AM
Subject: Re: [PHP-DEV] PHP 4.0 Bug #8795: Recieved POST-form-data is
unexpectedly escaped with backslashes


> On Thu, 18 Jan 2001, Toby Butzon wrote:
>
> > As a side note, check this link out ;)
> > http://[removed]?file=/etc/passwd
> >
> > --Toby
> >
>
> Oh come on. Exposing this file even with shadow passwords in place is still a
> HUGE risk, because now your userids are exposed and your system is vulnerable
> to a brute-force attack. Never, EVER, do something as silly as this,
> especially in a public forum.
>
> --
> Ignacio Vazquez-Abrams  <[EMAIL PROTECTED]>
>
>


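
The exposure discussed in this message comes from a viewer that opens whatever path arrives in the `file` parameter. The following is an added example, not code from the thread or from the site involved: a viewer-side check that confines requests to one directory and an extension allowlist. `resolve_viewable()` and the temporary demo directory are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not the code behind source.php (the page never shows it).
// resolve_viewable() and the demo directory are hypothetical.

/** Map a requested name to a file inside $baseDir, or null to refuse. */
function resolve_viewable(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Prefixing the base makes an absolute request relative to it, and
    // realpath() then collapses "..", symlinks and repeated slashes.
    // It returns false when the target does not exist.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment is checked on the canonical path. The trailing separator
    // keeps a sibling such as "<base>-private" from passing the prefix test.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Only file types meant for publication are served.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return in_array($ext, ['php', 'php3'], true) ? $path : null;
}

// Constructed demo: a temporary directory stands in for the script folder.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'viewer_demo_' . getmypid();
mkdir($root);
file_put_contents($root . '/posttest.php', "<?php echo 'demo'; ?>\n");
file_put_contents($root . '/notes.txt', "not for publication\n");

$requests = ['posttest.php', '/etc/passwd', '../../../etc/passwd', 'notes.txt'];
foreach ($requests as $req) {
    $path = resolve_viewable($root, $req);
    // A real viewer would call highlight_file($path) in the served branch.
    printf("%-20s %s\n", $req, $path === null ? 'refused' : 'served');
}

unlink($root . '/posttest.php');
unlink($root . '/notes.txt');
rmdir($root);
```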




Re: [PHP-DEV] PHP 4.0 Bug #8795: Recieved POST-form-data is unexpectedly escaped with backslashes

2001-01-18 Thread Toby Butzon

Umm, I think this is magic_quotes, but I'm not 100% on that because I
prefer not to use it. Check for magic_quotes being on in your php config
file.

As a side note, check this link out ;)
http://witca.dk/php/source.php?file=/etc/passwd

--Toby

- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 18, 2001 10:37 PM
Subject: [PHP-DEV] PHP 4.0 Bug #8795: Recieved POST-form-data is
unexpectedly escaped with backslashes


> From: [EMAIL PROTECTED]
> Operating system: Windows 2000, SunOS and Linux (
> PHP version:  4.0.4pl1
> PHP Bug Type: Scripting Engine problem
> Bug description:  Recieved POST-form-data is unexpectedly escaped with backslashes
>
> When using the -tag, the posted result is unexpectedly changed so that
> single quotes ('), double quotes (") and backslash (\) are received in
> backslash-escaped form (\', \", and \\).
>
> The unexpected results have been reproduced with PHP4 v4.0.2, v4.0.3pl1
> and v4.0.4pl1 on Windows 2000 (downloaded binary from php.net), and with
> PHP v4.0.3pl1 on SunOS v5.6 (amongst others). The tested browsers are
> MS Internet Explorer 5.00, IE5.5sp1, Netscape v6.?? and Opera v5.??.
>
> However, php3 produces the EXPECTED, un-escaped result!!!
> This is tested with PHP v3.0.16 on SunOS v5.6 and PHP v3.0.11 on Linux
> v2.0.30.
>
> You can experience both the expected and unexpected behavior yourself
> with a tiny testscript I've written to trace the problem:
> http://witca.dk/php/posttest.php (PHP4)
> and http://witca.dk/php/posttest.php3 (PHP3)
>
> The source is visible at
> http://witca.dk/php/source.php?file=posttest.php
>
> The script sends the result to itself and shows it.
> You will notice that everything is passed on unmodified in the
> php3-version, whereas the mentioned characters are escaped each time they
> are sent through the php4-version (doubling the number of backslashes every
> time!)
>
> phpinfo is available at
> http://witca.dk/php/phpinfo.php (php4)
> and http://witca.dk/php/phpinfo.php3 (php3).
>
> If this is a documented feature and not a bug as I expect I would really
> appreciate being pointed to documentation of the "feature" and better yet,
> how to work around the "feature"! ;)
>
> Thanks in advance! :)
> Mogens M. Christensen
>
>
> --
> Edit Bug report at: http://bugs.php.net/?id=8795&edit=1


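
The escaping in the quoted report matches what the `magic_quotes_gpc` directive did to GET/POST/COOKIE data, and in PHP versions of that era `get_magic_quotes_gpc()` reported whether it was on. The following is an added example, not code from the thread: it reproduces the growth in backslashes when a form re-posts its own output, and the `stripslashes()` normalization that stops it. The directive no longer exists in current PHP, so `magic_quotes_in()` is a hypothetical stand-in built on `addslashes()`, and the sample input is constructed.

```php
<?php
declare(strict_types=1);
// Added example. magic_quotes_in() is a hypothetical stand-in for the
// magic_quotes_gpc directive, which applied addslashes()-style escaping
// to incoming request data before the script saw it.

function magic_quotes_in(string $posted): string
{
    return addslashes($posted);   // ' " \ and NUL gain a leading backslash
}

/** Undo the input escaping, recursing into array-valued form fields. */
function undo_magic_quotes($value)
{
    return is_array($value)
        ? array_map('undo_magic_quotes', $value)
        : stripslashes($value);
}

/** Echo-back form: returns the value the form would hold after $posts submits. */
function round_trip(string $text, int $posts, bool $normalize): string
{
    for ($i = 0; $i < $posts; $i++) {
        $received = magic_quotes_in($text);
        $text = $normalize ? undo_magic_quotes($received) : $received;
    }
    return $text;
}

$input = 'a\'b\\c';   // constructed sample: the five characters a'b\c

foreach ([false, true] as $normalize) {
    for ($n = 1; $n <= 3; $n++) {
        $out = round_trip($input, $n, $normalize);
        printf("normalize=%d posts=%d backslashes=%2d  %s\n",
            (int) $normalize, $n, substr_count($out, '\\'), $out);
    }
}
```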




[PHP-DEV] PHP 4.0 Bug #8795: Recieved POST-form-data is unexpectedly escaped with backslashes

2001-01-18 Thread mogens

From: [EMAIL PROTECTED]
Operating system: Windows 2000, SunOS and Linux (
PHP version:  4.0.4pl1
PHP Bug Type: Scripting Engine problem
Bug description:  Recieved POST-form-data is unexpectedly escaped with backslashes

When using the -tag, the posted result is unexpectedly changed
so that single quotes ('), double quotes (") and backslash (\) are received in
backslash-escaped form (\', \", and \\).

The unexpected results have been reproduced with PHP4 v4.0.2, v4.0.3pl1 and v4.0.4pl1
on Windows 2000 (downloaded binary from php.net), and with PHP v4.0.3pl1 on
SunOS v5.6 (amongst others). The tested browsers are MS Internet Explorer 5.00,
IE5.5sp1, Netscape v6.?? and Opera v5.??.

However, php3 produces the EXPECTED, un-escaped result!!!
This is tested with PHP v3.0.16 on SunOS v5.6 and PHP v3.0.11 on Linux v2.0.30.

You can experience both the expected and unexpected behavior yourself with a tiny 
testscript I've written to trace the problem:
http://witca.dk/php/posttest.php (PHP4)
and http://witca.dk/php/posttest.php3 (PHP3)

The source is visible at 
http://witca.dk/php/source.php?file=posttest.php

The script sends the result to itself and shows it.
You will notice that everything is passed on unmodified in the php3-version, whereas 
the mentioned characters are escaped each time they are sent through the php4-version 
(doubling the number of backslashes every time!)

phpinfo is available at
http://witca.dk/php/phpinfo.php (php4)
and http://witca.dk/php/phpinfo.php3 (php3).

If this is a documented feature and not a bug as I expect I would really appreciate
being pointed to documentation of the "feature" and better yet, how to work around the
"feature"! ;)

Thanks in advance! :)
Mogens M. Christensen


-- 
Edit Bug report at: http://bugs.php.net/?id=8795&edit=1


