Optimized Derivative of Complex Security.

From Old Bucket To New: Clobbering of Global Variables

Exploitation of global variables and modules in the PHP realm is intensifying once again. My previous post simulated this kind of behavior. Somebody, whose name I don't want to mention, quoted me on this and called it an old view. I disagree a bit, because the bucket may be old but the fluid of exploitation is changing. Even after the patches the vulnerability persists, so where does the weakness actually persist? This is worth mentioning because the vector is on the rise again. A lot of different vulnerabilities persist around it.

If anyone is hitting new land, then there is clobbering of global variables. It means the fusing of two different realms into a third realm, due to which some strange things happen in web applications. This vector infects several code paths.
The PHP team is working on this and has recently made some changes. A lot of other issues depend on this factor too.

This works as chained security: one block inherits a dependency on another. So thinking that this vector has gotten old is not acceptable. The base has to be modified and secure checks should be performed. Who knows when a new vector will originate?

Zknk

Posted on 4/01/2007 07:46:00 AM by 0kn0ck