[php-maint] Re: another batch of php security issues for review
jmm at inutil.org
Wed Sep 6 21:11:27 UTC 2006
Martin Schulze wrote:
> Please explain which application that is not written to exploit
> this or another PHP bug contains PHP code like the following:
> $object_zval = $eip_hop_over.$ptr_to_obj_handlers.$eip_hop_over.
That's the point. This escalates every web script code injection
vulnerability into a code injection vulnerability.
More information about the pkg-php-maint