My friend Stefano di Paola and I have discovered that a PHP function used to emulate register_globals on is able to overwrite any variable (also $_SESSION and $_SERVER) with the exception of $GLOBALS. Naturally during the Month of PHP bugs :)
My friend Stefano di Paola and I have discovered that a PHP function used to emulate register_globals on is able to overwrite any variable (also $_SESSION and $_SERVER) with the exception of $GLOBALS. Naturally during the Month of PHP bugs :)
To demonstrate the import_request_variables() bug i've exploited a XSS flaw in PHP NUKE 8.0 that has an anti-CSRF routine. The import_request_variables() vulnerability will permit you to exploit a wide range of vectors (XSS, remote file inclusion, remote code execution, SQL injections, etc.) on software that makes use of it.