[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] PHP5 Globals Vulnerability

To: undisclosed-recipients:;
Subject: [Full-disclosure] PHP5 Globals Vulnerability
From: ascii <ascii@xxxxxxxxxxxx>
Date: Sat, 28 Jan 2006 21:13:21 +0100

PHP5 Globals Vulnerability

 Name              PHP5 Globals Vulnerability
 Systems Affected  PHP5 (verified on 5.1.1 and 5.1.2)
 Severity          Critical
 Vendor            www.php.net
 Advisory  http://www.ush.it/2006/01/25/php5-globals-vulnerability/
 Author            Francesco "aScii" Ongaro (ascii at katamail . com)
 Date              20060125

With ?GLOBALS[foobar] you can set the value of the un-initialized
$foobar variable.

Advisory released on 20060128:
PHP5 Globals Vulnerability
http://www.ush.it/2006/01/25/php5-globals-vulnerability/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] -moz-binding CSS property: more XSS fun
Next by Date: [Full-disclosure] XSS in rapidshare.de
Previous by thread: [Full-disclosure] -moz-binding CSS property: more XSS fun
Next by thread: [Full-disclosure] XSS in rapidshare.de
Index(es):
- Date
- Thread