Vigil@nce: PHP, information disclosure via var_export
July 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can generate an error in the var_export() function, in
order to obtain the content of variables.
– Severity: 1/4
– Creation date: 19/07/2010
DESCRIPTION OF THE VULNERABILITY
The PHP var_export() function returns the representation of a
variable:
$representation = var_export($variable, TRUE);
When an unexpected situation (deep recursion, memory limit or
execution time limit) occurs, var_export() returns an error.
However, in this case the representation of the variable is
directly displayed on the output stream (web page).
An attacker can therefore generate an error in the var_export()
function, in order to obtain the content of variables.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PHP-information-disclosure-via-var-export-9773