Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

mb_parse_str() exceptional conditions protection bypass
Published: 22.03.2007
Source: PHP-SECURITY
SecurityVulns ID: 7450
Type: library
Level: 5/10
Description: Exceptional conditions during function invocation may lead to enabling register_globals.

Affected: PHP : PHP 4.4
PHP : PHP 5.2
CVE: CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.)

Original document PHP-SECURITY, MOPB-26-2007:PHP mb_parse_str() register_globals Activation Vulnerability (22.03.2007)

Files: PHP mb_parse_str() register_globals Activation Exploit
Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)