Re: [Full-disclosure] Security Advisory - phpBB 2.0.15 PHP-code injection bug
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Security Advisory - phpBB 2.0.15 PHP-code injection bug
- From: Tatercrispies <tatercrispies@xxxxxxxxx>
- Date: Wed, 29 Jun 2005 08:41:41 -0500
Why is this ability even present in PHP's regular expression
functions? What kind of decision making concludes that regular
expression functions should be able to execute inline code? I just
can't get my head around this.
Are there any other PHP functions that bizarrely mate EVAL ability
with seemingly unrelated functions?
>
> The highlighting code uses the preg_replace() function on line 1110
> in viewtopic.php. It uses the special modifier "e" which causes PHP
> to evaluate the replacement string as PHP code. Below is a PHP code
> example of what actually happens:
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
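An added example, not part of the original message or of phpBB: a small audit script that finds `preg_replace()` calls whose pattern carries the "e" modifier described in the quoted advisory, so they can be rewritten with `preg_replace_callback()` (PHP deprecated the modifier in 5.5 and removed it in 7.0). The function names, the verdict labels and the PHP lines in `SAMPLE` are constructed for illustration.

```python
import re
CALL = re.compile(r"\bpreg_replace\s*\(", re.I)  # PHP function names ignore case
LITERAL = re.compile(r"""(['"])((?:\\.|(?!\1).)*)\1""", re.S)  # quoted PHP string
CLOSERS = {"(": ")", "[": "]", "{": "}", "<": ">"}  # bracket-style delimiters

def first_argument(src, start):
    """Text of the first call argument, which begins at src[start]."""
    depth, i = 0, start
    while i < len(src):
        lit = LITERAL.match(src, i)
        if lit:  # step over a whole string literal
            i = lit.end()
            continue
        if src[i] in ",)]" and depth == 0:
            break
        depth += (src[i] in "([") - (src[i] in ")]")
        i += 1
    return src[start:i].strip()

def classify(arg):
    """'eval': e modifier present; 'dynamic': modifiers not readable; else 'ok'."""
    lits = list(LITERAL.finditer(arg))
    if not lits or lits[0].start() != 0 or lits[-1].end() != len(arg):
        return "dynamic"  # variable, array or expression: review by hand
    head, tail = lits[0].group(2), lits[-1].group(2)
    if not head or head[0].isalnum() or head[0] in "\\ \t\n":
        return "dynamic"  # not a valid PCRE delimiter
    end = tail.rfind(CLOSERS.get(head[0], head[0]))
    if end < 0 or (len(lits) == 1 and end == 0):
        return "dynamic"  # closing delimiter not found
    return "eval" if "e" in tail[end + 1:] else "ok"

def scan(src):
    """Return [(line, verdict)] for every preg_replace call that is not 'ok'."""
    hits = []
    for m in CALL.finditer(src):
        verdict = classify(first_argument(src, m.end()))
        if verdict != "ok":
            hits.append((src.count("\n", 0, m.start()) + 1, verdict))
    return hits

# Constructed sample input (not phpBB code).
SAMPLE = r'''<?php
$a = preg_replace('/(\w+)/e', 'strtoupper("\\1")', $text);
$b = preg_replace('#\b(' . $words . ')\b#i', '<b>\\1</b>', $text);
$c = preg_replace('#\b(' . $words . ')\b#ie', '"<b>\\1</b>"', $text);
$d = preg_replace($pattern, $replacement, $text);
$e = preg_replace_callback('/(\w+)/', 'cb', $text);
'''
```

A "dynamic" verdict means the modifiers are decided at run time, so the call needs a manual check of where the pattern string comes from.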