PaulDotCom mailing list archives
Re: Exploiting vulnerable php functions
From: Jim Halfpenny <jim.halfpenny () gmail com>
Date: Sun, 8 Sep 2013 21:31:51 +0100
Yes, I see what you mean. I guess my interpretation is can you exploit a script that does not contain the vulnerable function. Yes you can, if you can inject code. If you can't then the function isn't there and can't be exploited. So yes, the answer is no.</meta> Jim On 8 September 2013 19:06, Robin Wood <robin () digininja org> wrote:
On 8 Sep 2013 19:01, "Jim Halfpenny" <jim.halfpenny () gmail com> wrote:In short no. Take a look at file inclusion vulnerabilities. http://en.m.wikipedia.org/wiki/File_inclusion_vulnerabilityIf you are suggesting include in a file which uses a vulnerable function then your answer is actually yes. RobinRegards Jim On 8 Sep 2013 04:40, "Sean McCormick" <sean.m.mccormick () gmail com>wrote:If a website is running a version of php with vulnerable functions doesthe function have to be used in a script in order to exploit the vulnerability?_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Re: Exploiting vulnerable php functions, (continued)
- Re: Exploiting vulnerable php functions Robin Wood (Sep 08)
- Re: Exploiting vulnerable php functions Dancing Dan (Sep 09)
- Re: Exploiting vulnerable php functions Robin Wood (Sep 10)
- Re: Exploiting vulnerable php functions allison nixon (Sep 10)
- Re: Exploiting vulnerable php functions Ryan Sears (Sep 11)
- Re: Exploiting vulnerable php functions Robin Wood (Sep 11)
- Re: Exploiting vulnerable php functions Sean McCormick (Sep 12)
- Re: Exploiting vulnerable php functions Robin Wood (Sep 13)
- Re: Exploiting vulnerable php functions Robin Wood (Sep 08)
- Re: Exploiting vulnerable php functions Dancing Dan (Sep 11)
- Re: Exploiting vulnerable php functions Danny Chrastil (Sep 09)
- Re: Exploiting vulnerable php functions Jim Halfpenny (Sep 09)