PHPDeveloper: PHP News, Views and Community

Subscribe

@phpdeveloper.org

News Archive

Community News: Latest PECL Releases (06.17.2025)

Community News: Latest PECL Releases (06.10.2025)

Community News: Latest PECL Releases (06.03.2025)

Community News: Latest PECL Releases (05.27.2025)

Community News: Latest PEAR Releases (05.26.2025)

Community News: Latest PECL Releases (05.20.2025)

Community News: Latest PECL Releases (05.13.2025)

Community News: Latest PECL Releases (05.06.2025)

Community News: Latest PECL Releases (04.29.2025)

Community News: Latest PECL Releases (04.22.2025)

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Community News:
PHP Vulnerability N. 1

byChris Cornutt Sep 16, 2004 @ 12:17:42

php|architect has a new note about a few PHP vulnerabilities:

This summer I have been playing around with some php issue and got some php vulnerabilities.Bad array parsing in php_variables.c could lead to show arbitrary memory content such as pieces of php code and other data. This affects all GET, POST or COOKIES variables.

By appending to a GET/POST/COOKIE variable array a [ (open square bracket) like abc[a][, the length of the 'a' array element is set to the length of variable name strlen("abc").

See SecurityFocus.com for more details...

tagged:

Link: