Security researcher Ebrahim Hegazy found that by manipulating one of the URLs used by the Yahoo Mail settings pages, he could execute system commands remotely. On Yahoo's end, the URL parameter was passed to PHP's eval() function, which takes a string and runs it as PHP code. The PHP documentation explicitly warns against using eval() wherever possible, and where there is no other choice, anything passed to eval() must be validated with great care.
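To make the point concrete, here is an added example (not Yahoo's code and not from the original post) contrasting the dangerous pattern the article describes, a request parameter reaching eval(), with a replacement that treats user input strictly as data. The setting names, the `ALLOWED_SETTINGS` map and the function names are hypothetical.

```php
<?php
// Added example: the unsafe pattern reported in the article next to a safe design.
// Nothing here is Yahoo's code; setting names and the allowlist are made up.

// --- Unsafe pattern (the class of flaw the article reports; do not use). ---
// Whatever arrives in the request parameter is executed as PHP with the
// privileges of the web server account.
function applySettingUnsafe(array $request): void
{
    eval($request['expr']);   // user-controlled string interpreted as code
}

// --- Safe replacement: no eval() at all. ---
// Each setting a user may change is listed explicitly; a null entry means the
// value is checked by a dedicated validator instead of a fixed enumeration.
const ALLOWED_SETTINGS = [
    'theme'    => ['light', 'dark'],   // only these literal values
    'timezone' => null,                // validated by validateTimezone()
];

function validateTimezone(string $tz): bool
{
    // timezone_identifiers_list() is PHP's own catalogue of valid zone names.
    return in_array($tz, timezone_identifiers_list(), true);
}

// Returns true and updates $profile only when both the setting name and its
// value pass the allowlist; anything else is rejected, never interpreted.
function applySettingSafe(array $request, array &$profile): bool
{
    $name  = (string)($request['setting'] ?? '');
    $value = (string)($request['value'] ?? '');

    if (!array_key_exists($name, ALLOWED_SETTINGS)) {
        return false;                          // unknown setting name
    }
    $allowed = ALLOWED_SETTINGS[$name];
    $ok = ($allowed === null)
        ? validateTimezone($value)
        : in_array($value, $allowed, true);    // strict comparison, no coercion
    if (!$ok) {
        return false;                          // value outside the allowlist
    }
    $profile[$name] = $value;                  // data stays data
    return true;
}

// Usage with constructed requests:
$profile = [];
var_dump(applySettingSafe(['setting' => 'theme', 'value' => 'dark'], $profile));            // bool(true)
var_dump(applySettingSafe(['setting' => 'theme', 'value' => 'not-a-theme'], $profile));     // bool(false)
var_dump(applySettingSafe(['setting' => 'timezone', 'value' => 'Europe/Berlin'], $profile)); // bool(true)
var_dump(applySettingSafe(['setting' => 'email', 'value' => 'x'], $profile));               // bool(false)
```

The design choice is that the server never needs to "run" anything the user sends: the request selects an entry from a fixed map and supplies a value that is compared against known-good options, so there is no code path in which request content is parsed as PHP.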
In addition, he later discovered that the server's kernel was outdated and had vulnerabilities that could have allowed him to escalate the privileges of the web server account and gain root access.