logo       
<prev   next>

Security Announcement: msg#00052

Subject: Security Announcement
Hey all. There was a security announcement on BUGTRAQ http://www.securityfocus.com/archive/1/391496/2005-02-21/2005-02-27/0
I tested and it is invalid. It can be exploited if you change the settings to allow for uploading of php files, which the submitter failed to mention. He also failed to mention OS/Server/PHP version as well. Maybe this does work on Personal Web Server for Windows 95, dunno. This should at least be a good example of why phpWebSite will never be permitted to insert code for any reason or in any form through the interface.
Not sure how you want to respond to this Matt, but since it's already all over the internet, I'll just post it here and leave it up to you. 

Wendall


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Banning of users, Greg Tassone
Next by Date:  Re: the mod_user_uservars table, Eloi George
Previous by Thread:  Invitation to the mediation manual, Robert Schuster
Next by Thread:  Re: Security Announcement, Matthew McNaney
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
Recently Viewed:
linux.arklinux....    user-groups.lin...    kde.usability/2...    ietf.ipp/2002-0...    mail.spam.spamc...    os.netbsd.devel...    audio.cd-record...    text.unicode.de...    php.documentati...    games.fps.halfl...    window-managers...    suse.oracle.gen...    bug-tracking.gn...    video.dvdrip.us...    xfree86.cvs/200...    java.netbeans.m...    network.argus/2...    culture.sf.kill...    debian.ports.al...    freebsd.questio...    qplus.devel/200...    handhelds.palm....   
Home | blog view | USPTO Patent Archive | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe