[VIM] old PHP issues
ascii
ascii at katamail.com
Fri Jul 9 01:36:35 CDT 2010
On 07/09/2010 01:32 AM, security curmudgeon wrote:
> Digging through old links to sort, found this again:
> http://www.cr0w.ru/2009/03/self-contained-file-include-in-php-520.html
> Would these be implementation specific, or flaws in PHP itself?
It's a feature of PHP, known and exploited from many years, well before
2009.
PHP file functions support different URI handlers, that's why RFI over
HTTP was so common in the first place (forgetting about absolutely ugly
and vulnerable PHP code written by first time developers).
Have a nice day,
Francesco `ascii` Ongaro
http://www.ush.it/
More information about the VIM
mailing list