strai Posted August 6, 2008
Does anyone have a clue if it is possible for an 'outsider' to figure out whether register_globals is set to on in a particular web application? The 'outsider' does not have access to the PHP code and does not have access to the phpinfo() output.

discomatt Posted August 6, 2008
The server should never directly tell a visitor that register_globals is on, but it's not extremely hard to find out in most situations. If it is on, I'd just turn it off rather than worry about this.

strai Posted August 6, 2008
I am testing a lot of vulnerability scanners and I have created a web application where I deliberately left 6 prevalent vulnerabilities like XSS, SQL-injection etc. One of those vulnerabilities is the fact that register_globals is on. In my admin.php page, the server checks whether $admin == true. If so, the visitor has access to the admin.php page. However, when register_globals is on, one can easily set the $admin variable to true. My question is: Is it possible for a vulnerability scanner to detect whether register_globals is on?

PFMaBiSmAd Posted August 6, 2008
Because register_globals affects data values in variables, the short answer is no, a general purpose vulnerability scanner cannot tell if register_globals is on. It would take specific knowledge about how the data is being used in the code in order to be able to write a vulnerability scanner that could trigger an indication if register_globals were on.

nadeemshafi9 Posted August 7, 2008
Try ini_get('register_globals');

nadeemshafi9 Posted August 7, 2008
Try ini_get('register_globals'); Just tested it: it returns an empty string if it's off and 1 if it's on.

nadeemshafi9 Posted August 7, 2008
I don't know how to do it from outside the server. It must be some sort of port communication or something; you'll probably need to be logged in, I'm not sure.

nadeemshafi9 Posted August 7, 2008
If you can create a file with phpinfo(), phpinfo.php, then you can read the output.

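Added example, not part of the thread or any poster's code: the admin.php pattern strai describes next to a hardened form, run against the same constructed request, which shows PFMaBiSmAd's point that the setting only becomes visible where code relies on an uninitialised variable. The function names, the 'role' session key and the sample input are hypothetical, and extract() stands in for register_globals, which current PHP no longer has.

```php
<?php
// Added example, not code from the thread. register_globals was removed in
// PHP 5.4.0, so its effect is emulated with extract() on constructed input.

// Pattern described in the thread: $admin is assigned only on success, so a
// request parameter of the same name is still there when the check runs.
function admin_check_vulnerable(array $request, array $session): bool
{
    extract($request, EXTR_SKIP);          // stand-in for register_globals = On
    if (($session['role'] ?? '') === 'admin') {   // 'role' key is hypothetical
        $admin = true;
    }
    return isset($admin) && $admin == true;
}

// Hardened form: the flag is initialised before use and derived only from
// server-side session state, so the injected value is overwritten.
function admin_check_hardened(array $request, array $session): bool
{
    extract($request, EXTR_SKIP);          // same hostile environment
    $admin = false;
    if (($session['role'] ?? '') === 'admin') {
        $admin = true;
    }
    return $admin === true;
}

// Deployment check built on the ini_get() call mentioned in the thread.
// ini_get() returns false for a directive the running PHP does not know.
function register_globals_enabled(): bool
{
    return filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);
}

$request = ['admin' => '1'];   // constructed request parameters
$session = [];                 // constructed: visitor has no admin session

var_dump(admin_check_vulnerable($request, $session));
var_dump(admin_check_hardened($request, $session));
var_dump(register_globals_enabled());
```
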
Archived
This topic is now archived and is closed to further replies.