the Month of PHP Security

PHP’s strip_tags() function can be abused for information leak attacks, because of the call time pass by reference feature.
(more…)

PHP’s strtr() function can be abused for information leak attacks, similar to all the other interruption exploits. However the interruption is not triggered inside the zend_parse_parameters() function and therefore another fix is required.
(more…)

PHP’s strpbrk() function can be abused for information leak attacks, because of the call time pass by reference feature.
(more…)

PHP’s http_build_query() function can be abused for information leak attacks, because of the call time pass by reference feature.
(more…)

PHP’s str_getcsv() function can be abused for information leak attacks, because of the call time pass by reference feature.
(more…)

PHP’s htmlentities() and htmlspecialchars() functions can be abused for information leak attacks, because of the call time pass by reference feature.
(more…)

It was discovered that access control to the [php] bbcode which allows executing PHP code is wrongly implemented in e107. This allows unauthenticated users to execute arbitrary PHP code easily.
(more…)

PHP’s iconv_mime_encode() function can be abused for information leak attacks, because of the call time pass by reference feature. This vulnerability also demonstrates that fixing zend_parse_parameters() is not enough to kill some of these vulnerabilities.
(more…)

PHP’s iconv_substr() function can be abused for information leak attacks, because of the call time pass by reference feature.
(more…)

PHP’s iconv_mime_decode() function can be abused for information leak attacks, because of the call time pass by reference feature.
(more…)