Commentaires sur : PHP CVE-2011-2202 http://www.devquotes.com/2011/06/15/php-cve-2011-2202/ devs are (s)talking. Fri, 04 Nov 2011 14:06:25 +0000 hourly 1 http://wordpress.org/?v=3.1.2 Par : Krzysztof Kotowicz http://www.devquotes.com/2011/06/15/php-cve-2011-2202/comment-page-1/#comment-793 Krzysztof Kotowicz Sat, 18 Jun 2011 11:21:13 +0000 http://www.devquotes.com/?p=875#comment-793 Demo is here: http://blog.kotowicz.net/2011/06/file-path-injection-in-php-536-file.html Demo is here: http://blog.kotowicz.net/2011/06/file-path-injection-in-php-536-file.html

]]> Par : Krzysztof Kotowicz http://www.devquotes.com/2011/06/15/php-cve-2011-2202/comment-page-1/#comment-792 Krzysztof Kotowicz Fri, 17 Jun 2011 10:36:15 +0000 http://www.devquotes.com/?p=875#comment-792 Successful exploitability of this vulnerability is pretty hard as you need both a vulnerable application (though i've found a few in google code search) and a vulnerable php set up. I was able to find a exploitable set up though. I'll present a demo on my blog once new PHP will be released. Successful exploitability of this vulnerability is pretty hard as you need both a vulnerable application (though i’ve found a few in google code search) and a vulnerable php set up. I was able to find a exploitable set up though. I’ll present a demo on my blog once new PHP will be released.

]]> Par : Krzysztof Kotowicz http://www.devquotes.com/2011/06/15/php-cve-2011-2202/comment-page-1/#comment-791 Krzysztof Kotowicz Fri, 17 Jun 2011 10:33:55 +0000 http://www.devquotes.com/?p=875#comment-791 Hi! I'm the original reporter. The description of this vulnerability is wrong - you can create a file in root directory with arbitrary name & contents, not delete it. @__ed As for the versions affected - all of them since circa 2008, the error was introduced in the source code then. Hi! I’m the original reporter. The description of this vulnerability is wrong – you can create a file in root directory with arbitrary name & contents, not delete it.

@__ed As for the versions affected – all of them since circa 2008, the error was introduced in the source code then.

]]> Par : __ed http://www.devquotes.com/2011/06/15/php-cve-2011-2202/comment-page-1/#comment-790 __ed Thu, 16 Jun 2011 14:14:36 +0000 http://www.devquotes.com/?p=875#comment-790 Could you be more accurate on which version is affected by this vulnerability ? Thanks. Could you be more accurate on which version is affected by this vulnerability ?

Thanks.

]]>