Full Disclosure mailing list archives

PHP5 Globals Vulnerability


From: ascii <ascii () katamail com>
Date: Sat, 28 Jan 2006 21:13:21 +0100

PHP5 Globals Vulnerability

 Name              PHP5 Globals Vulnerability
 Systems Affected  PHP5 (verified on 5.1.1 and 5.1.2)
 Severity          Critical
 Vendor            www.php.net
 Advisory          http://www.ush.it/2006/01/25/php5-globals-vulnerability/
 Author            Francesco "aScii" Ongaro (ascii at katamail . com)
 Date              20060125

With ?GLOBALS[foobar] you can set the value of the un-initialized
$foobar variable.

Advisory released on 20060128:
PHP5 Globals Vulnerability
http://www.ush.it/2006/01/25/php5-globals-vulnerability/
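
A detection sketch for the request pattern the post describes, added here as an example and not part of the original post or advisory: it scans web server access log lines for query-string parameters whose name is GLOBALS or GLOBALS[...], including percent-encoded brackets. The log format, the function names and the sample lines are assumptions constructed for illustration; only the query string is inspected.

```python
import re
from urllib.parse import unquote_plus

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/[\d.]+"')
# Parameter *name* that is GLOBALS or GLOBALS[<variable>]...; GLOBALSX does not match.
GLOBALS_KEY_RE = re.compile(r'^GLOBALS(?:\[(?P<name>[^\]]*)\].*)?$')


def globals_targets(url):
    """Return the variable names a URL's query string addresses through GLOBALS[...]."""
    targets = []
    query = url.partition('?')[2]
    for pair in re.split(r'[&;]', query):
        # Decode the name first so GLOBALS%5Bfoobar%5D is seen as GLOBALS[foobar].
        key = unquote_plus(pair.split('=', 1)[0])
        match = GLOBALS_KEY_RE.match(key)
        if match:
            targets.append(match.group('name') or '')
    return targets


def scan(lines):
    """Return (line_number, client, targets) for each log line carrying a GLOBALS parameter."""
    hits = []
    for number, line in enumerate(lines, 1):
        request = REQUEST_RE.search(line)
        if not request:
            continue
        targets = globals_targets(request.group(1))
        if targets:
            hits.append((number, line.split(' ', 1)[0], targets))
    return hits


# Constructed sample log lines (documentation addresses, hypothetical script names).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jan/2006:21:20:01 +0100] "GET /index.php?page=news HTTP/1.1" 200 5120',
    '192.0.2.44 - - [28/Jan/2006:21:20:07 +0100] "GET /index.php?GLOBALS[foobar]=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [28/Jan/2006:21:20:09 +0100] "GET /view.php?id=3&GLOBALS%5Bfoobar%5D=x HTTP/1.1" 200 811',
    # GLOBALS[...] appears only as a parameter value here, so it is not flagged.
    '192.0.2.77 - - [28/Jan/2006:21:21:30 +0100] "GET /search.php?q=GLOBALS[foobar] HTTP/1.1" 200 990',
]

if __name__ == "__main__":
    for number, client, targets in scan(SAMPLE_LOG):
        print(f"line {number}: {client} addresses {targets} via GLOBALS")
```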
