Posts Tagged 'joomla'

Dynamic evaluation vulnerabilities

Dynamic evaluation vulnerabilities – dynamic variable evaluation
An eval injection vulnerability occurs when an attacker can control all or part of an input string that is fed into an eval() function call.[5]

// Deliberately vulnerable: request input is concatenated into the code string passed to eval()
$myvar = 'somevalue';
$x = $_GET['arg'];
eval('$myvar = ' . $x . ';');

The argument of "eval" will be processed as PHP, so additional commands can be appended. For example, if "arg" is set to "10; system('/bin/echo uh-oh')", additional code is run which executes …
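The same assignment without eval(), as an added example that is not from the original post. The helper name parse_int_arg() is hypothetical, the code assumes the parameter is meant to be an integer, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original page): returns the integer the
// caller supplied, or null when the input is anything other than an integer.
// Assumption: the "arg" parameter is only ever meant to carry an integer.
function parse_int_arg(string $raw): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT);
    // Compare strictly against false so that a legitimate "0" is not rejected.
    return $value === false ? null : $value;
}

// Constructed sample inputs; the second is the string quoted in the text above.
// In a web request the value would come from $_GET['arg'].
$samples = [
    '10',
    "10; system('/bin/echo uh-oh')",
    '0',
    '-7',
    'abc',
];

foreach ($samples as $raw) {
    // Vulnerable form from the page, kept here only as a comment:
    //   eval('$myvar = ' . $raw . ';');
    // Hardened form: the input is validated as data and never reaches eval().
    $myvar = parse_int_arg($raw);

    printf(
        "%-34s => %s\n",
        var_export($raw, true),
        $myvar === null ? 'rejected' : 'accepted as int ' . $myvar
    );
}
```

Because the value is parsed rather than evaluated, anything after the number fails validation instead of running as PHP.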
