On 8 September 2013 19:47, Dancing Dan <[email protected]> wrote:
> I haven't looked at PHP internals but, some languages create functions as
> extensions of other functions as a form of code reuse. This could lead to
> unexpected file inclusion.
>
> Does anybody know if PHP does that?
>
Do you mean one function internally calls another, for example a string compare ignoring case will call the generic string compare but pass in the ignore case flag?

I've no idea if PHP does this but would be interested to find out and if it does to get a list of what calls what.

Robin

> Bart
> On Sep 8, 2013 1:39 PM, "Robin Wood" <[email protected]> wrote:
>
>>
>> On 8 Sep 2013 19:01, "Jim Halfpenny" <[email protected]> wrote:
>> >
>> > In short no. Take a look at file inclusion vulnerabilities.
>> >
>> > http://en.m.wikipedia.org/wiki/File_inclusion_vulnerability
>>
>> If you are suggesting include in a file which uses a vulnerable function
>> then your answer is actually yes.
>>
>> Robin
>>
>> > Regards
>> > Jim
>> >
>> > On 8 Sep 2013 04:40, "Sean McCormick" <[email protected]> wrote:
>> >>
>> >> If a website is running a version of php with vulnerable functions
>> >> does the function have to be used in a script in order to exploit the
>> >> vulnerability?
>> >>
>> >>
>> >> _______________________________________________
>> >> Pauldotcom mailing list
>> >> [email protected]
>> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> >> Main Web Site: http://pauldotcom.com
