[php-maint] Re: another batch of php security issues for review

[Moritz Muehlenhoff]

Martin Schulze wrote:
> Please explain which application that is not written to exploit
> this or another PHP bug contains PHP code like the following:
> 
> $object_zval = $eip_hop_over.$ptr_to_obj_handlers.$eip_hop_over.
>                "\x05\x01\x90\x90".$shellcode."\xC3\x90\x90\x20";

(..)

That's the point. This escalates every web script code injection
vulnerability into a code injection vulnerability.

Cheers,
        Moritz