PHP 5.1.1/5.1.2 GLOBALS Variable Overwrite Vulnerability

2006

25 January 2006

Event

advisory php globals

What

Advisory

advisory php critical globals

On January 25, 2006, the Chinese site Aliyun Developer reported a technical advisory signed by Francesco “aScii” Ongaro regarding a critical vulnerability in the way PHP 5.1.1 and 5.1.2 handle the GLOBALS variable. The discovery, which emerged during a code review of the PmWiki software, revealed that even versions considered secure were affected by anomalous behavior that allowed global variables to be injected via GPC (GET, POST and cookie input). The exploit, described with proof-of-concept code and a detailed timeline, was initially published on USH.it and subsequently acknowledged by various sources specializing in web security.

Archived PDF document