If you're running phpsuexec, then modify a copy of the global php.ini file so that registerglobals is on. Then copy the new php.ini file to every directory that you want to apply it to.
I wish there was an easier way todo it, especially if the site runs a CMS + forum, etc, or even modernbill. Isn't there a quick, easy way to get the php.ini file into each folder?
php.ini : you just need to create a file in the folder where the script needing it is located, containing this :
.htaccess : add this line
Code:
register_globals = On
Code:
php_value register_globals on
Not very smart turning on register_globals even for one domain!
Most all programs these days are designed specifically to work with
register_globals turned OFF but if you actually have one that
requires them, you would be much better off either upgrading or
modifying the program to not need register_globals.
Updating a program to not need register_globals anymore is trivial
and generally doesn't take more than a few seconds to update.
Most all programs these days are designed specifically to work with
register_globals turned OFF but if you actually have one that
requires them, you would be much better off either upgrading or
modifying the program to not need register_globals.
Updating a program to not need register_globals anymore is trivial
and generally doesn't take more than a few seconds to update.
Thanx for the lecture
Unfortunattely we (and most people) don't have control over this. Especially for programs encrypted with Zend encoder or IonCube, or something. Modernbill is one such example. The sad part is, a lot of developer don't see this as a problem, and feel their program is superior - meanig it needs register globals.
P.S. ..... let's not talk about PHP6. yet ....
Actually that's no problem whatsoever!
I can edit Zend or IonCube encoded source!
I developed a program a long while back that reverts any PHP program encoded
with either IonCube (including the newest version!) or Zend back to human
readable PHP source in a matter of seconds and we use that program all
the time where I work.
Ironically both Zend and IonCube have the same vulnerability which I would think
should be rediculously obvious to anyone but for some reason everyone including
the creators of those systems seems to blindly miss it all!
For those who don't have the capability to reverse engineer encoded scripts to source,
a simple wrapper script will do the trick for you to emulate register_globals functionality
where it is actually turned off server wide. Easy enough to setup!
Last edited:
Would you mind sharing your program? And how do I know what code in the scripts to change so that it doesn't need register globals?
