首页    新闻    下载    文档    论坛     最新漏洞    黑客教程    数据库    搜索    小榕软件实验室怀旧版    星际争霸WEB版    最新IP准确查询   
名称: 密码:      忘记密码  马上注册
安全知识 :: 专题文章

php create_function commond injection vulnerability


http://www.gipsky.com/
php use create_function function to CREATE an anonymous function like below(stolen from php_manual):



?????????????????

Description

string create_function ( string args, string code )



Creates an anonymous function from the parameters passed, and returns a unique name for it. Usually the args will be passed as a single quote delimited string, and this is also recommended for the code. The reason for using single quoted strings, is to protect the variable names from parsing, otherwise, if you use double quotes there will be a need to escape the variable names, e.g. \$avar.



You can use this function, to (for example) create a function from information gathered at run time:



1. Creating an anonymous function with create_function()



http://www.80sec.com/php-create_funct ... ection-vulnerability.html
<< MS08-052 WMF漏洞分析及漏洞测试 FireFox 3.0.2更新问题 >>
评分
10987654321
API:
gipsky.com& 安信网络
网友个人意见,不代表本站立场。对于发言内容,由发表者自负责任。

系统导航

 

Copyright © 2001-2010 安信网络. All Rights Reserved
京ICP备05056747号