Yes, I see what you mean. I guess my interpretation is can you exploit a script that does not contain the vulnerable function. Yes you can, if you can inject code. If you can't then the function isn't there and can't be exploited.
So yes, the answer is no.</meta> Jim On 8 September 2013 19:06, Robin Wood <[email protected]> wrote: > > On 8 Sep 2013 19:01, "Jim Halfpenny" <[email protected]> wrote: > > > > In short no. Take a look at file inclusion vulnerabilities. > > > > http://en.m.wikipedia.org/wiki/File_inclusion_vulnerability > > If you are suggesting include in a file which uses a vulnerable function > then your answer is actually yes. > > Robin > > > Regards > > Jim > > > > On 8 Sep 2013 04:40, "Sean McCormick" <[email protected]> > wrote: > >> > >> If a website is running a version of php with vulnerable functions does > the function have to be used in a script in order to exploit the > vulnerability? > >> > >> > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > > > > > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
