Jose,

On Mon, Nov 17, 2008 at 8:28 PM, José Ramón Palanco <[EMAIL PROTECTED]> wrote:
> IMHO it is a very common issue because it seems a 0day vulnerability of PHP,
> and it is corrected in the last releases.

Yes, you are right.

> I understand w3af isn't a
> vulnerability exploitation framework so it may be out of the scope of the
> project.

But this isn't a buffer overflow, a format string, or something like
that, the only thing that I have to add is a 0xc0 char in front of
every character that would be normally escaped ( ; | & and some
others ). And by "exploiting" this vulnerability, w3af would be
bypassing a filter, like the ones that w3af bypasses when "fighting
back" gpc_magic_quotes in SQL injection exploitation.

It's a thin line... and that's why I asked. I'll wait for more answers
and then we'll decide =)

Cheers,

> --
> José Ramón Palanco
> Hazent Systems S.L.
>
> Turina 59, Las Rozas
> 28230 Madrid
> Tel.: 91 120 18 12 ext.1000
> Mobile: 622 229 707
>
>
>
> 2008/11/18 Andres Riancho <[EMAIL PROTECTED]>
>>
>> List,
>>
>> In one of the latest PHP changelogs I found a reference to this
>> vulnerability [0] discovered by Stefan Esser, which caught my
>> attention. Almost instantly I said: "This has to be added to the
>> osCommanding plugin in w3af". After some thinking... I'm not sure...
>> this is a very specific PHP vulnerability, that will only work on
>> *some* installations of the vulnerable PHP versions. Any ideas about
>> how many of the systems with old versions of PHP are actually
>> vulnerable (let's define vulnerable as: they can be exploited if they
>> use any of the buggy functions)? Has anyone exploited this in
>> penetration tests? Do you guys think that I should add "exploits" like
>> this one to w3af plugins?
>>
>> I'm open to ideas, don't be shy and share =)
>>
>> [0] http://seclists.org/bugtraq/2008/May/0061.html
>>
>> Cheers,
>> --
>> Andres Riancho
>> http://w3af.sourceforge.net/
>> Web Application Attack and Audit Framework
>>
>> -------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>> challenge
>> Build the coolest Linux based applications with Moblin SDK & win great
>> prizes
>> Grand prize is a trip for two to an Open Source event anywhere in the
>> world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> _______________________________________________
>> W3af-develop mailing list
>> W3af-develop@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
>

--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework
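
The defensive side of the filter bypass discussed in this thread, as an added example that is not part of the original messages or of w3af: a request check that flags parameter values where a 0xC0 byte sits directly in front of a shell metacharacter, and more generally any value that is not well-formed UTF-8. The function names, the metacharacters beyond `; | &` and the sample query strings are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Metacharacters named in the thread (; | &) plus a few common ones (assumption).
SHELL_META = b";|&`$<>()"
# 0xC0 never occurs in well-formed UTF-8, so 0xC0 + metacharacter is a strong signal.
PREFIXED_META = re.compile(b"\xc0[" + re.escape(SHELL_META) + b"]")


def raw_params(query):
    """Yield (name, raw value bytes) pairs from a query string.

    Values are percent-decoded to bytes, not text, so stray lead bytes are
    preserved instead of being replaced during decoding.
    """
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        yield name, unquote_to_bytes(value.replace("+", " "))


def inspect_value(value):
    """Return a list of findings for one raw parameter value."""
    findings = []
    match = PREFIXED_META.search(value)
    if match:
        meta = chr(match.group()[1])
        findings.append("0xC0 before shell metacharacter %r at offset %d"
                        % (meta, match.start()))
    try:
        value.decode("utf-8")  # strict decoding rejects 0xC0 and truncated sequences
    except UnicodeDecodeError as exc:
        findings.append("invalid UTF-8 at offset %d" % exc.start)
    return findings


def scan_request(query):
    """Return [(parameter name, finding), ...] for a whole query string."""
    results = []
    for name, value in raw_params(query):
        for finding in inspect_value(value):
            results.append((name, finding))
    return results


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for sample in ("host=example.test&count=3", "name=Jos%C3%A9",
                   "host=example.test%C0%3Bx", "q=%E9"):
        print(sample, "->", scan_request(sample))
```

Rejecting or logging such requests before the value reaches any escaping routine does not depend on which PHP version the backend runs.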