Kuwait Linux User Group

PEAR XML_RPC Remote PHP Code Injection Vulnerability
Date: Thursday, August 25, 2005 @ 19:25:36 EDT
Topic: story


hardened-php.net:

PEAR XML_RPC is the PEAR-ified version of Useful Inc's XML-RPC for PHP, which is a PHP implementation of the XML-RPC protocol. It has support for HTTP transport, proxies and authentication.

After Gulftech released their PHP code injection advisory at the end of June 2005, we scheduled the code for an audit from our side. Unfortunately we were able to find another vulnerability in the XML-RPC libraries that allows injection of arbitrary PHP code into eval() statements.

This article comes from Kuwait Linux User Group
http://www.q8linux.net

The URL for this story is:
http://www.q8linux.net/modules.php?name=News&file=article&sid=198