[Full-disclosure] PHP5 Globals Vulnerability
ascii
ascii at katamail.com
Sat Jan 28 20:13:21 GMT 2006
PHP5 Globals Vulnerability
Name PHP5 Globals Vulnerability
Systems Affected PHP5 (verified on 5.1.1 and 5.1.2)
Severity Critical
Vendor www.php.net
Advisory http://www.ush.it/2006/01/25/php5-globals-vulnerability/
Author Francesco "aScii" Ongaro (ascii at katamail . com)
Date 20060125
With ?GLOBALS[foobar] you can set the value of the un-initialized
$foobar variable.
Advisory released on 20060128:
PHP5 Globals Vulnerability
http://www.ush.it/2006/01/25/php5-globals-vulnerability/
Full-Disclosure is hosted and sponsored by Secunia.