Re: Exploiting vulnerable php functions

[Dancing Dan <d4ncingd4n () gmail com>]

I haven't looked at PHP internals but, some languages create functions as
extensions of other functions as a form of code reuse. This could lead to
unexpected file inclusion.

Does anybody know if PHP does that?

Bart
On Sep 8, 2013 1:39 PM, "Robin Wood" <robin () digininja org> wrote:

> On 8 Sep 2013 19:01, "Jim Halfpenny" <jim.halfpenny () gmail com> wrote:
> > In short no. Take a look at file inclusion vulnerabilities.
> >
> > http://en.m.wikipedia.org/wiki/File_inclusion_vulnerability
>
> If you are suggesting include in a file which uses a vulnerable function
> then your answer is actually yes.
>
> Robin
>
> > Regards
> > Jim
> >
> > On 8 Sep 2013 04:40, "Sean McCormick" <sean.m.mccormick () gmail com>
> wrote:
> > > If a website is running a version of php with vulnerable functions does
> the function have to be used in a script in order to exploit the
> vulnerability?
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom () mail pauldotcom com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com