Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Exploiting vulnerable php functions
From: Dancing Dan <d4ncingd4n () gmail com>
Date: Sun, 8 Sep 2013 13:47:27 -0500

I haven't looked at PHP internals but, some languages create functions as
extensions of other functions as a form of code reuse. This could lead to
unexpected file inclusion.

Does anybody know if PHP does that?

Bart
On Sep 8, 2013 1:39 PM, "Robin Wood" <robin () digininja org> wrote:


On 8 Sep 2013 19:01, "Jim Halfpenny" <jim.halfpenny () gmail com> wrote:

In short no. Take a look at file inclusion vulnerabilities.

http://en.m.wikipedia.org/wiki/File_inclusion_vulnerability

If you are suggesting include in a file which uses a vulnerable function
then your answer is actually yes.

Robin

Regards
Jim

On 8 Sep 2013 04:40, "Sean McCormick" <sean.m.mccormick () gmail com>
wrote:

If a website is running a version of php with vulnerable functions does
the function have to be used in a script in order to exploit the
vulnerability?


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault