Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data

To: Jasper Bryant-Greene <jasper@xxxxxxxxxxx>
Subject: Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
From: Tõnu Samuel <tonu@xxxxxx>
Date: Wed, 29 Mar 2006 08:19:33 +0300
Cc: Stefan Esser <sesser@xxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
In-reply-to: <4429FD66.2040805@xxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <200603281555.24868.tonu@xxxxxx> <200603282051.00104.tonu@xxxxxx> <44297F63.9070508@xxxxxxx> <44299554.9050008@xxxxxx> <4429FD66.2040805@xxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915

I very much doubt there are many applications at all containing codelike this. It is illogical to be decoding html entities from userinput. Therefore I would not call this a "very serious problem" andcertainly not a critical bug.

Somewhat I agree. I suspected this may affect more functions that onlythis one and was very alarmed. I never digged around in PHP source andwas not able to verify it fast. So if PHP developer says, it is affectsonly on function, this is fine.

There are application which are known to use it. Likehttp://www.phpmyfaq.de/, so I attacker may use social engineering easilyto gain access to such feature.


I am security auditor and 90% cases I get to goal combining using bunch of 
small, useless problems. Sorry if you do not see problem.

EOD :).

References:
- Critical PHP bug - act ASAP if you are running web with sensitive data
  - From: Tõnu Samuel
- Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
  - From: Stefan Esser
- Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
  - From: Jasper Bryant-Greene

Prev by Date: Re: Cantv/Movilnet's Web SMS vulnerability.
Next by Date: Full path disclosure in Webcalendar 1.1.0-CVS
Previous by thread: Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
Next by thread: Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
Index(es):
- Date
- Thread