Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fix for Secunia Advisory SA18267, plus some logging of suspicious act…

…ivity.
  • Loading branch information...
commit ae3c8f147ec7a0bd84e1484758fa13b7819f977a 1 parent 3a8bce5
martinlanghoff authored
Showing with 10 additions and 153 deletions.
  1. +5 −93 lib/adodb/server.php
  2. +5 −60 lib/adodb/tests/tmssql.php
View
98 lib/adodb/server.php
@@ -1,98 +1,10 @@
<?php
-/**
- * @version V4.66 28 Sept 2005 (c) 2000-2005 John Lim (jlim@natsoft.com.my). All rights reserved.
- * Released under both BSD license and Lesser GPL library license.
- Whenever there is any discrepancy between the two licenses,
- the BSD license will take precedence.
- */
-
-/* Documentation on usage is at http://php.weblogs.com/adodb_csv
- *
- * Legal query string parameters:
- *
- * sql = holds sql string
- * nrows = number of rows to return
- * offset = skip offset rows of data
- * fetch = $ADODB_FETCH_MODE
- *
- * example:
- *
- * http://localhost/php/server.php?select+*+from+table&nrows=10&offset=2
- */
+require_once('../../config.php');
+require_once('../weblib.php');
-
-/*
- * Define the IP address you want to accept requests from
- * as a security measure. If blank we accept anyone promisciously!
- */
-$ACCEPTIP = '';
-
-/*
- * Connection parameters
- */
-$driver = 'mysql';
-$host = 'localhost'; // DSN for odbc
-$uid = 'root';
-$pwd = '';
-$database = 'test';
-
-/*============================ DO NOT MODIFY BELOW HERE =================================*/
-// $sep must match csv2rs() in adodb.inc.php
-$sep = ' :::: ';
-
-include('./adodb.inc.php');
-include_once(ADODB_DIR.'/adodb-csvlib.inc.php');
-
-function err($s)
-{
- die('**** '.$s.' ');
-}
-
-// undo stupid magic quotes
-function undomq(&$m)
-{
- if (get_magic_quotes_gpc()) {
- // undo the damage
- $m = str_replace('\\\\','\\',$m);
- $m = str_replace('\"','"',$m);
- $m = str_replace('\\\'','\'',$m);
-
- }
- return $m;
-}
-
-///////////////////////////////////////// DEFINITIONS
-
-
-$remote = $_SERVER["REMOTE_ADDR"];
-
-if (empty($_REQUEST['sql'])) err('No SQL');
-
-if (!empty($ACCEPTIP))
- if ($remote != '127.0.0.1' && $remote != $ACCEPTIP)
- err("Unauthorised client: '$remote'");
-
-
-$conn = &ADONewConnection($driver);
-
-if (!$conn->Connect($host,$uid,$pwd,$database)) err($conn->ErrorNo(). $sep . $conn->ErrorMsg());
-$sql = undomq($_REQUEST['sql']);
-
-if (isset($_REQUEST['fetch']))
- $ADODB_FETCH_MODE = $_REQUEST['fetch'];
-
-if (isset($_REQUEST['nrows'])) {
- $nrows = $_REQUEST['nrows'];
- $offset = isset($_REQUEST['offset']) ? $_REQUEST['offset'] : -1;
- $rs = $conn->SelectLimit($sql,$nrows,$offset);
-} else
- $rs = $conn->Execute($sql);
-if ($rs){
- //$rs->timeToLive = 1;
- echo _rs2serialize($rs,$conn,$sql);
- $rs->Close();
-} else
- err($conn->ErrorNo(). $sep .$conn->ErrorMsg());
+add_to_log(0, 'adodb', 'intrusion attempt', 'lib/adodb/server.php');
+trigger_error('SECURITY WARNING: intrusion attempt against lib/adodb/server.php from ' . getremoteaddr());
+error('SECURITY WARNING: logged intrusion attempt against lib/adodb/server.php');
?>
View
65 lib/adodb/tests/tmssql.php
@@ -1,65 +1,10 @@
<?php
-error_reporting(E_ALL);
-ini_set('mssql.datetimeconvert',0);
-function tmssql()
-{
- print "<h3>mssql</h3>";
- $db = mssql_connect('JAGUAR\vsdotnet','adodb','natsoft') or die('No Connection');
- mssql_select_db('northwind',$db);
-
- $rs = mssql_query('select getdate() as date',$db);
- $o = mssql_fetch_row($rs);
- print_r($o);
- mssql_free_result($rs);
-
- print "<p>Delete</p>"; flush();
- $rs2 = mssql_query('delete from adoxyz',$db);
- $p = mssql_num_rows($rs2);
- mssql_free_result($rs2);
+require_once('../../../config.php');
+require_once('../../weblib.php');
-}
+add_to_log(0, 'adodb', 'intrusion attempt', 'lib/adodb/tests/tmssql.php');
+trigger_error('SECURITY WARNING: intrusion attempt against lib/tests/tmssql.php from ' . getremoteaddr());
+error('SECURITY WARNING: logged intrusion attempt against lib/adodb/tests/tmssql.php');
-function tpear()
-{
-include_once('DB.php');
-
- print "<h3>PEAR</h3>";
- $username = 'adodb';
- $password = 'natsoft';
- $hostname = 'JAGUAR\vsdotnet';
- $databasename = 'northwind';
-
- $dsn = "mssql://$username:$password@$hostname/$databasename";
- $conn = &DB::connect($dsn);
- print "date=".$conn->GetOne('select getdate()')."<br>";
- @$conn->query('create table tester (id integer)');
- print "<p>Delete</p>"; flush();
- $rs = $conn->query('delete from tester');
- print "date=".$conn->GetOne('select getdate()')."<br>";
-}
-
-function tadodb()
-{
-include_once('../adodb.inc.php');
-
- print "<h3>ADOdb</h3>";
- $conn = NewADOConnection('mssql');
- $conn->Connect('JAGUAR\vsdotnet','adodb','natsoft','northwind');
-// $conn->debug=1;
- print "date=".$conn->GetOne('select getdate()')."<br>";
- $conn->Execute('create table tester (id integer)');
- print "<p>Delete</p>"; flush();
- $rs = $conn->Execute('delete from tester');
- print "date=".$conn->GetOne('select getdate()')."<br>";
-}
-?>
-<a href=tmssql.php?do=tmssql>mssql</a>
-<a href=tmssql.php?do=tpear>pear</a>
-<a href=tmssql.php?do=tadodb>adodb</a>
-<?php
-if (!empty($_GET['do'])) {
- $do = $_GET['do'];
- $do();
-}
?>
Please sign in to comment.
Something went wrong with that request. Please try again.