Re: php create_function commond injection vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: php create_function commond injection vulnerability
From: lmfao@xxxxxxxxxxx
Date: 25 Sep 2008 15:53:02 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Are you kidding ?

As the PHP manual said "if you use double quotes there will be a need to escape 
the variable names".

In your example you use a function with double quotes, without escaping the 
variable $sort_by, so
this is not a PHP vulnerability, but a development one.

For this time, don't blame PHP, blame developers.
It's like if I was using mysql_query() without escaping user's inputs...an sql 
injection, not a PHP vuln ;)

Follow-Ups:
- Re: php create_function commond injection vulnerability
  - From: bzhbfzj3001

Prev by Date: [security bulletin] HPSBST02372 SSRT080133 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-052 to MS08-055
Next by Date: Google Docs (HTML code) Multiple Cross Site Scripting Vulnerabilities
Previous by thread: php create_function commond injection vulnerability
Next by thread: Re: php create_function commond injection vulnerability
Index(es):
- Date
- Thread