[VIM] work system e-commerce?

Steven M. Christey coley at linus.mitre.org
Fri Nov 17 14:15:36 EST 2006


On Fri, 17 Nov 2006, str0ke wrote:

> 			global ${$varname};
> 			foreach (${$varname} as $key => $val) {
> 				global ${$key};
> 				${$key} = $val;
> 			}

I refer to these as "dynamic variable evaluation" issues.  We should see
more of these as programmers implement their own equivalent of
register_globals.  See my Bugtraq post:

  "Dynamic Evaluation Vulnerabilities in PHP applications"
  http://seclists.org/bugtraq/2006/May/0051.html

I have some example detection strings in there.

So we have to investigate every preceding include/require to look for
these kinds of issues.  Eval injection would also be suspect.

- Steve
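An added illustration, not from this thread or from str0ke's code, of why the quoted loop is a register_globals equivalent and how an allowlist removes the problem; the `$request` array, the globals it overwrites, and the two function names are constructed for the example.

```php
<?php
// Added example: the "dynamic variable evaluation" pattern in the style of
// the quoted snippet, next to a hardened replacement. The array name,
// the globals and the request contents are constructed for illustration.

// Vulnerable: every key of the named array becomes a global variable.
// When $varname names a request array (constructed inline here instead
// of $_GET/$_POST), any global the script relies on can be overwritten.
function import_globals_unsafe($varname)
{
    global ${$varname};
    foreach (${$varname} as $key => $val) {
        global ${$key};
        ${$key} = $val;   // a key named "is_admin" overwrites $is_admin
    }
}

// Hardened: only an explicit allowlist of names may be imported, and
// each value is passed through the cast the caller expects.
function import_globals_safe(array $source, array $allowed)
{
    foreach ($allowed as $key => $cast) {
        if (!array_key_exists($key, $source)) {
            continue;
        }
        $GLOBALS[$key] = $cast($source[$key]);
    }
}

$is_admin = false;   // security-relevant global the script trusts
$page     = 'home';

// Constructed request: the client controls both keys and values.
$request = ['page' => 'about', 'is_admin' => '1'];

import_globals_unsafe('request');
var_dump($is_admin);  // overwritten by the request, no longer false

$is_admin = false;
import_globals_safe($request, ['page' => 'strval']);
var_dump($is_admin);  // untouched: "is_admin" is not in the allowlist
var_dump($page);      // only the allowlisted "page" key was imported
```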

