Bugtraq: Re: php create_function commond injection vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: php create_function commond injection vulnerability

From: "Steven M. Christey" <coley () mitre org>
Date: Mon, 29 Sep 2008 13:14:13 -0400 (EDT)


There are two main takeaways from this advisory:

1) PHP application programmers can and will misuse this function
   (CVE-2008-4096, CVE-2007-5423), but most PHP code auditors probably
   don't check for it yet.  So it's good for awareness.

2) Any language that has an equivalent capability for creating
   anonymous functions will probably have application programmers that
   abuse it.

- Steve

By Date By Thread

Current thread:

php create_function commond injection vulnerability root (Sep 25)
- <Possible follow-ups>
- Re: php create_function commond injection vulnerability lmfao (Sep 25)
  - Re: php create_function commond injection vulnerability bzhbfzj3001 (Sep 29)
    - Re: php create_function commond injection vulnerability mnapier (Sep 29)
- Re: php create_function commond injection vulnerability Steven M. Christey (Sep 29)