[ c0de @ 04.11.2008. 17:42 ] @
PHP Zend_Hash_Del_Key_Or_Index

Can someone explain this vulnerability to me and how I can test for it?




Best regards to all security experts in Ex-YU. Where can I find some local tutorials on testing buffer overflows, other than the ones from the e-zine Pheraless, since I have already read all of those?
[ Danilo Cvjeticanin @ 04.11.2008. 18:29 ] @
PHP Zend Hash Del Key Or Index mostly shows up if you have an older version of PHP installed. With the latest PHP you solve that problem.
[ c0de @ 04.11.2008. 20:28 ] @
Thanks, Daniloc. Now if you could just explain to me in a bit more detail what the vulnerability is and how to exploit it.
[ Danilo Cvjeticanin @ 04.11.2008. 20:30 ] @
Quote:
Stefan Esser had discovered a weakness within the depths of the implementation of hashtables in the Zend Engine. This vulnerability affects a large number of PHP applications. It creates large new holes in many popular PHP applications. Additionally many old holes that were disclosed in the past were only fixed by using the unset() statement. Many of these holes are still open if the already existing exploits are changed by adding the correct numerical keys to survive the unset().