PEAR XML_RPC Remote PHP Code Injection Vulnerability
Date: Thursday, August 25, 2005 @ 18:25:36 AST
Topic: advisories


hardened-php.net :

PEAR XML_RPC is the PEAR-ified version of Useful Inc's XML-RPC for PHP, which is a PHP implementation of the XML-RPC protocol. It has support for HTTP transport, proxies and authentication.

After Gulftech released their PHP code injection advisory at the end of June 2005, we scheduled the code for an audit from our side. Unfortunately we were able to find another vulnerability in the XML-RPC libraries that allows injection of arbitrary PHP code into eval() statements.

This article comes from Kuwait Linux User Group - OpenSource free stuff
http://www.q8linux.net

The URL for this story is:
http://www.q8linux.net/modules.php?name=News&file=article&sid=198