[Full-disclosure] Security Advisory - phpBB 2.0.15 PHP-code injection bug
Tatercrispies
tatercrispies at gmail.com
Wed Jun 29 14:41:41 BST 2005
Why is this ability even present in PHP's regular expression
functions? What kind of decision making concludes that regular
expression functions should be able to execute inline code? I just
can't get my head around this.
Are there any other PHP functions that bizarrely mate EVAL ability
with seemingly unrelated functions?
>
> The highlighting code uses the preg_replace() function on line 1110
> in viewtopic.php. It uses the special modifier "e" which causes PHP
> to evaluate the replacement string as PHP code. Below is a PHP code
> example of what actually happens:
>
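An added example, not part of the original post or the advisory and not phpBB's code: search-term highlighting written with preg_replace_callback(), so the replacement comes from a function's return value and is never evaluated as PHP source (the "e" modifier itself was deprecated in PHP 5.5 and removed in PHP 7.0). The function name, the markup and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Highlight search terms in post text that has already been HTML-escaped.
 * Hypothetical helper for illustration; not phpBB's function.
 */
function highlight_terms(string $escapedHtml, array $terms): string
{
    $quoted = [];
    foreach ($terms as $term) {
        $term = trim((string) $term);
        if ($term !== '') {
            // Escape the term the same way the text was escaped, then quote it
            // so user input is matched literally and never read as regex syntax.
            $quoted[] = preg_quote(htmlspecialchars($term, ENT_QUOTES, 'UTF-8'), '#');
        }
    }
    if ($quoted === []) {
        return $escapedHtml;
    }

    // Group 1: a whole tag or character entity, passed through untouched.
    // Group 2: one of the search terms.
    $pattern = '#(<[^>]*>|&[\#\w]+;)|(' . implode('|', $quoted) . ')#iu';

    $result = preg_replace_callback(
        $pattern,
        static function (array $m): string {
            if ($m[1] !== '') {
                return $m[1];                      // leave markup and entities alone
            }
            // Matched text is only concatenated as data; nothing is evaluated.
            return '<b class="hl">' . $m[2] . '</b>';
        },
        $escapedHtml
    );

    // preg_replace_callback() returns null on error (for example invalid UTF-8).
    return $result ?? $escapedHtml;
}

// Constructed sample input: a search term that looks like PHP code stays plain text.
$post = htmlspecialchars("Calling strtoupper('x') in a <b>post</b> about regex", ENT_QUOTES, 'UTF-8');
echo highlight_terms($post, ["strtoupper('x')", 'regex']), PHP_EOL;
```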