[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security issue is_a function in PHP 5.3.7+

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Security issue is_a function in PHP 5.3.7+
From: cipri@xxxxxxx
Date: Fri, 23 Sep 2011 14:33:04 GMT

PHP 5.3.7 changed the behavior of the is_a() function, used to check if an 
object is an instance of a class, to call the __autoload() function. This 
causes a remote code execute problem when coupled with a standard library like 
PEAR that internally uses is_a to check if a returned variable is an Error 
object or not.

An unprotected __autoload() function that blindly includes based upon the 
variable it receives can be tricked into including a remote file by, for 
example, uploading a specially crafted file containing a link to a remote 
website.

Full explanation + code example has been posted on our website at 
http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/
 and has been e-mailed to security@xxxxxxx

-- 
Cipriano Groenendal

Prev by Date: XSS Vulnerabilities in TWiki < 5.1.0
Next by Date: TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation
Previous by thread: XSS Vulnerabilities in TWiki < 5.1.0
Next by thread: TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation
Index(es):
- Date
- Thread