Posted by Timo Schmid on Feb 18

PHP Code Execution in jui_filter_rules Parsing Library
======================================================
Researcher: Timo Schmid <tschmid () ernw de>

Description
===========
jui_filter_rules[1] is a jQuery plugin which allows users to generate a
ruleset
which could be used to filter datasets inside a web application.

The plugin also provides a PHP library to turn the user submitted
ruleset into
SQL where statements for server side…