People have recently realised that there is a weakness in some versions of PHP that can be exploited to execute arbitrary PHP. You can find details of the problem at http://www.hardened-php.net/index.76.html and there is a good discussion about the issue at Sitepoint http://www.sitepoint.com/forums/showthread.php?t=312884. So far as we can tell, the vulnerability does not affect PHP 4.4.1 or PHP 5.0.4 or later.
The exploit will be blocked in Mambo 4.5.3 to be released later this month. If you would like to fix any version of Mambo before the release is available, then you should insert the following code in the index.php and index2.php files in the Mambo document root. The code should go just after the line of actual code, which is the DEFINE of _VALID_MOS. The code is:
This solution is probably overkill, but should block any attack of this nature.
The exploit will be blocked in Mambo 4.5.3 to be released later this month. If you would like to fix any version of Mambo before the release is available, then you should insert the following code in the index.php and index2.php files in the Mambo document root. The code should go just after the line of actual code, which is the DEFINE of _VALID_MOS. The code is:
Code:
Code:
PHP Code:
$protect = array('_REQUEST', '_GET', '_POST', '_COOKIE', '_FILES', '_SERVER', '_ENV', 'GLOBALS', '_SESSION');
if ( in_array($protect , array_keys($_REQUEST)) ||
in_array($protect , array_keys($_GET)) ||
in_array($protect , array_keys($_POST)) ||
in_array($protect , array_keys($_COOKIE)) ||
in_array($protect , array_keys($_FILES))) {
die("Invalid Request.");
}This solution is probably overkill, but should block any attack of this nature.