Posted by Taoguang Chen on Nov 26
When PHP’s register_globals configuration directive is set on, phpBB will call
the deregister_globals() function, and all global variables registered by PHP will
be destroyed. But the deregister_globals() function can be bypassed.
```
$input = array_merge(
    array_keys($_GET),
    array_keys($_POST),
    array_keys($_COOKIE),
    array_keys($_SERVER),
    array_keys($_SESSION),
    array_keys($_ENV),
    array_keys($_FILES)
);
foreach ($input as $varname)
{
    if…
```