Home page logo

fulldisclosure logo Full Disclosure mailing list archives

PHP5 Globals Vulnerability
From: ascii <ascii () katamail com>
Date: Sat, 28 Jan 2006 21:13:21 +0100

PHP5 Globals Vulnerability

 Name              PHP5 Globals Vulnerability
 Systems Affected  PHP5 (verified on 5.1.1 and 5.1.2)
 Severity          Critical
 Vendor            www.php.net
 Advisory  http://www.ush.it/2006/01/25/php5-globals-vulnerability/
 Author            Francesco "aScii" Ongaro (ascii at katamail . com)
 Date              20060125

With ?GLOBALS[foobar] you can set the value of the un-initialized
$foobar variable.

Advisory released on 20060128:
PHP5 Globals Vulnerability

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • PHP5 Globals Vulnerability ascii (Jan 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]