Author: JT Smith
From the advisory, posted at Linux Weekly News: “By providing a value for the the array element $_PHPLIB[libdir], an
intruder can force a script to load and execute scripts from another
server.
This is because the value of $_PHPLIB[libdir] gets initalized *only*
if not already set.”
intruder can force a script to load and execute scripts from another
server.
This is because the value of $_PHPLIB[libdir] gets initalized *only*
if not already set.”
Category:
- Linux
