phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection

$Id: phpldapadminqueryengine.rb 14062 2011-10-25 16:19:55Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

phpLDAPadmin query_engine Remote PHP Code Injection

This module exploits a vulnerability in the lib/functions.php for phpLDAPadmin versions 1.2.1.1 and earlier that allows attackers input parsed directly to the createfunction php function. A patch was issued that uses a whitelist regex expression to check the user supplied input before being parse...