PHP create_function injection command execution vulnerability - vulnerability warning - the black bar safety net
In PHP, create_function is used to create an anonymous function. If the parameters passed to it are not strictly filtered, an attacker can construct a special string that, when passed to create_function, executes arbitrary commands. Take the following code as an example: <?php // how to exp this code...
Code injection
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function...
Mandriva Update for phpldapadmin MDVSA-2011:163 (phpldapadmin)
Check for the Version of phpldapadmin. OpenVAS Vulnerability Test: Mandriva Update for phpldapadmin MDVSA-2011:163 (phpldapadmin). Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or...
phpLDAPadmin functions.php Remote PHP Code Injection Vulnerability
BUGTRAQ ID: 50331. phpLDAPadmin is a web-based LDAP client that allows convenient administration of LDAP servers. phpLDAPadmin contains a remote PHP code injection vulnerability; an attacker can exploit it to inject and execute PHP code in the affected application and take control of the system. 1) Input appended to the URL in cmd.php is not properly filtered before being returned to the user, which can be exploited to execute arbitrary HTML and script code in a user's browser in the context of the affected site. 2) Input passed in the "orderby" parameter of cmd.php is not properly filtered in lib/functions.php before being used in a "create_function" call, which can be exploited to inject and execute arbitrary PHP code...
phpLDAPadmin query_engine Remote PHP Code Injection
This module exploits a vulnerability in lib/functions.php of phpLDAPadmin versions 1.2.1.1 and earlier that allows attacker-supplied input to be passed directly to the create_function PHP function. A patch was issued that uses a whitelist regex expression to check the user-supplied input before it is parse...
Feed on Feeds 0.5 - Remote PHP Code Injection
    ... strtolower($b["'.$key.'"])) ? -1 : 1;');
} else {
    $compare = create_function('$a,$b', 'if (strtolower($a["'.$key.'"]) == strtolower($b["'.$key.'"])) return 0; else return (strtolower($a["'.$key.'"]) < strtolower($b["'.$key.'"])) ? -1 : 1;');
}
usort($tab, $compare);
return $tab;
The...
RoSPORA 1.5.0 - Remote PHP Code Injection
... ';
$link = $_SERVER['PHP_SELF']."?f=".$flag."&s=";
if (!empty($plarray)) {
    usort($plarray, create_function('$a, $b', 'if ($a['.$sort.'] == $b['.$sort.']) return 0; if ($a['.$sort.'] '.$sorttype.' $b['.$sort.']) return -1; return 1;'));
}
Input parameter...
Wordpress 2.7.0 admin remote code execution vulnerability-vulnerability warning-the black bar safety net
by Ryat [puretot], mail: puretot at gmail dot com, team: http://www.80vul.com, date: 2008-12-18. Analysis: This vulnerability is in the admin backend, wp-admin/post.php:
if ( current_user_can('edit_post', $post_ID) ) {
    if ( $last = wp_check_post_lock( $post->ID ) ) {
        $last_user = get_userdata( $last );
        $last_user_name = $last_user ? ...
CVE-2008-4687
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php...
Mantis Bug Tracker <= 1.1.3 Remote Code Execution Exploit
No description provided by source. <?php /* -------------------------------------------------------------------------------- Mantis Bug Tracker <= 1.1.3 manage_proj_page.php Remote Code Execution Exploit -------------------------------------------------------------------------------- author...: EgiX...
PHP 'create_function()' Code Injection Vulnerability
BUGTRAQ ID: 31398, CNCAN ID: CNCAN-2008092610. PHP is a popular web programming language. PHP does not properly filter input passed to 'create_function'; a remote attacker can exploit this to execute arbitrary code with the privileges of the application. PHP's create_function function is used to create an anonymous function. 1. Creating an anonymous function with create_function: <?php $newfunc = create_function('$a,$b', 'return "ln($a) + ln($b) = " . log($a * $b);'); echo "New anonymous function:...
PHP 5.2.6 - create_function() Code Injection (1)
PHP 5.2.6 - create_function() Code Injection (1). Source: https://www.securityfocus.com/bid/31398/info. PHP is prone to a code-injection weakness because it fails to sufficiently sanitize input to 'create_function'. Note that the anonymous function returned need not be called for the supplied code to be...
CVE-2008-4096 (Design/Logic Flaw)
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function...
CVE-2007-5423 (Design/Logic Flaw)
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function...