List,

In one of the latest PHP changelogs I found a reference to this vulnerability [0] discovered by Stefan Esser, which caught my attention. Almost instantly I said: "This has to be added to the osCommanding plugin in w3af". After some thinking... I'm not sure... this is a very specific PHP vulnerability that will only work on *some* installations of the vulnerable PHP versions.

Any ideas about how many of the systems with old versions of PHP are actually vulnerable (let's define vulnerable as: they can be exploited if they use any of the buggy functions)? Has anyone exploited this in penetration tests? Do you guys think that I should add "exploits" like this one to w3af plugins?

I'm open to ideas, don't be shy and share =)

[0] http://seclists.org/bugtraq/2008/May/0061.html

Cheers,
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop