PHP Remote Execution Bug Discovery Process

An interesting walkthrough of how a remote execution bug was found on an eBay site.

Mitigation items end up being fairly standard: don’t trust user input and avoid eval() as much as possible.