Re: Exploiting vulnerable php functions

[Jim Halfpenny <jim.halfpenny () gmail com>]

Yes, I see what you mean. I guess my interpretation is can you exploit a
script that does not contain the vulnerable function. Yes you can, if you
can inject code. If you can't then the function isn't there and can't be
exploited.

So yes, the answer is no.</meta>

Jim


On 8 September 2013 19:06, Robin Wood <robin () digininja org> wrote:

> On 8 Sep 2013 19:01, "Jim Halfpenny" <jim.halfpenny () gmail com> wrote:
> > In short no. Take a look at file inclusion vulnerabilities.
> >
> > http://en.m.wikipedia.org/wiki/File_inclusion_vulnerability
>
> If you are suggesting include in a file which uses a vulnerable function
> then your answer is actually yes.
>
> Robin
>
> > Regards
> > Jim
> >
> > On 8 Sep 2013 04:40, "Sean McCormick" <sean.m.mccormick () gmail com>
> wrote:
> > > If a website is running a version of php with vulnerable functions does
> the function have to be used in a script in order to exploit the
> vulnerability?
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom () mail pauldotcom com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com