PHP Security: Dynamic Evaluation

March 12, 2009 by hejian

Calling a function whose name is taken straight from the request:

$myfunc = $_GET['myfunc'];
$myfunc();

With a variable function call like this, the attacker chooses which function runs, so any function defined in PHP or in the application can be invoked:

index.php?myfunc=phpinfo

Check the code for variable function calls (the $ must be escaped so grep treats it as a literal, and _ is a valid identifier character; also search for call_user_func, call_user_func_array and eval, which allow the same thing):

grep -rn '\$[0-9a-zA-Z_]*(' .

Protect against the dynamic function vulnerability
Disabling register_globals is good practice, but it does not fix this case: the name comes directly from $_GET. The fix is to never call a user-supplied string as a function. Map the request parameter against an explicit allow-list of function names and reject anything not on the list before any call is made.
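The pattern above side by side with its allow-listed replacement, as an added example that is not code from the original post. The function names (report_status, report_version), the ACTIONS map and the dispatch_* helpers are assumptions chosen for illustration; the request parameter name myfunc is the one used above.

```php
<?php
// Added example, not from the original post. Two small handlers stand in for
// whatever the application really exposes (assumed names).
function report_status(): string  { return 'status ok'; }
function report_version(): string { return 'version 1.0'; }

// Vulnerable: whatever string arrives in ?myfunc= is called as a function,
// so ?myfunc=phpinfo runs phpinfo() and any other defined function is reachable.
function dispatch_unsafe(array $get): string
{
    $myfunc = $get['myfunc'];
    return (string) $myfunc();
}

// Hardened: the request selects a key, and only keys we define here map to a
// callable. The user-controlled string itself is never called.
const ACTIONS = [
    'status'  => 'report_status',
    'version' => 'report_version',
];

function dispatch_safe(array $get): string
{
    $action = $get['myfunc'] ?? '';
    // $_GET values can also be arrays (?myfunc[]=x), so check the type first;
    // array_key_exists() with an array key is a TypeError in PHP 8.
    if (!is_string($action) || !array_key_exists($action, ACTIONS)) {
        if (PHP_SAPI !== 'cli') {
            http_response_code(400);
        }
        return 'unknown action';
    }
    $callable = ACTIONS[$action];
    return $callable();
}

// Usage: php dispatch.php  (constructed request arrays stand in for $_GET)
echo dispatch_safe(['myfunc' => 'status']), "\n";   // status ok
echo dispatch_safe(['myfunc' => 'phpinfo']), "\n";  // unknown action
echo dispatch_safe(['myfunc' => ['x']]), "\n";      // unknown action
```

The allow-list is an associative array rather than a plain list checked with in_array() so that the request value is only ever used as a lookup key; the string that is finally called comes from the code, not from the client. The same rule applies to call_user_func() and call_user_func_array(): pass them a value from such a map, never the request parameter itself.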
