Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Exploiting vulnerable php functions
From: Jim Halfpenny <jim.halfpenny () gmail com>
Date: Sun, 8 Sep 2013 21:31:51 +0100

Yes, I see what you mean. I guess my interpretation is can you exploit a
script that does not contain the vulnerable function. Yes you can, if you
can inject code. If you can't then the function isn't there and can't be
exploited.

So yes, the answer is no.</meta>

Jim


On 8 September 2013 19:06, Robin Wood <robin () digininja org> wrote:


On 8 Sep 2013 19:01, "Jim Halfpenny" <jim.halfpenny () gmail com> wrote:

In short no. Take a look at file inclusion vulnerabilities.

http://en.m.wikipedia.org/wiki/File_inclusion_vulnerability

If you are suggesting include in a file which uses a vulnerable function
then your answer is actually yes.

Robin

Regards
Jim

On 8 Sep 2013 04:40, "Sean McCormick" <sean.m.mccormick () gmail com>
wrote:

If a website is running a version of php with vulnerable functions does
the function have to be used in a script in order to exploit the
vulnerability?


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]