
[WEB SECURITY] Re: [Full-disclosure] Global Space Exploitation In PHP Based Web Applications



On Sat, 31 Mar 2007, Aditya K Sood wrote:

> http://zeroknock.metaeye.org/analysis/gspace.xhtml

Just like your previous "double trap" XSS advisory, I fail to see the
novelty or significance of this report.

You seem to discuss an ages-old issue that had been used to exploit a
countless number of web applications, and is remediated by disabling
register_globals (ain't that off by default since PHP 4.2.0?).

/mz
