Any problems with the next job for php error # 53632

Question

Any problems with the next job for php error # 53632

I need a quick fix for php to prevent php bug related attacks from my server # 53632

Some of my servers are 32-bit and contain various php client scripts.

Ideally, I will fix PHP to the latest version, but at the same time I thought that using the auto_prepend_file php.ini directive automatically turn on the fix will buy me some time. Can you see any problems with this interim fix?

So, I edited the php.ini file and added:

auto_prepend_file = c:\wamp\www\php-53632-fix.php

code:

 <?php if ($_REQUEST) { foreach ($_REQUEST as $fixKey => $fixValue) { if (strstr(str_replace('.','',$fixValue),'22250738585072011')) { unset($_REQUEST[$fixKey]); unset($_COOKIE[$fixKey]); unset($_POST[$fixKey]); unset($_GET[$fixKey]); $GLOBALS[$fixKey]=""; } } reset($_REQUEST); unset($fixKey); unset($fixValue); } if ($_SERVER) { foreach ($_SERVER as $fixKey => $fixValue) { if (strstr(str_replace('.','',$fixValue),'22250738585072011')) { unset($_SERVER[$fixKey]); $GLOBALS[$fixKey]=""; } } reset($_SERVER); unset($fixKey); unset($fixValue); }

0

php

Luke pm Jan 6 '11 at 0:23

source share

3 answers

Why do you want to continue a clearly malicious request? I would just terminate the script as here .

+3

rik Jan 6 '11 at 1:34

source share

I agree, just delete the script as soon as you come across one of the bad values.

See http://www.aircraft24.com/en/info/php-float-dos-quickfix.htm for our latest workaround.

0

Sebastian Jan 6 '11 at 10:40

source share

Mal · Accepted Answer · 2011-01-07T09:22:09+0000

It depends on the fact that there is no hiding of the REQUEST variable.

Sending a malicious request in index.php? var = 2.22507 ... and providing a POST variable also named var, only one will appear in the REQUEST array. A maximum of two and a minimum of one request to bypass this filter are required.

  GET[var] POST[var] REQUEST[var] req1 test 2.225.. test req2 2.225.. test 2.225..

One will result in the request not being detected depending on the server configuration. This can also be done using other combinations, i.e. GET / COOKIE, POST / COOKIE, etc., you will get this idea.

Each array must be checked individually. In fact, you can even leave without checking REQUEST, this is a collection. This is a bit more overhead, but it is safer if you cannot guarantee that you never use $ _GET, $ _POST or $ _COOKIE directly in your code.

Any problems with the next job for php error # 53632

More articles: