On 08/26/2010 03:29 AM, Keith Roberts wrote: > register_globals is supposed to be off by default - so that > should stop any global variables being injected. Doesn't matter. The vulnerability discussed is one where a PHP application actually takes the name of a file as input from the client. If your application does that and does not sanitize the path then it ends up vulnerable to code injection from the user. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: Strange Apache log entry
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: Strange Apache log entry
- From: Gordon Messmer <yinyang@xxxxxxxxx>
- Date: Fri, 27 Aug 2010 14:27:50 -0700
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <alpine.LFD.2.00.1008261105020.11104@karsites>
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100806 Fedora/3.1.2-1.fc13 Lightning/1.0b2pre Thunderbird/3.1.2
- References:
- Strange Apache log entry
- From: Gilbert Sebenste
- Re: Strange Apache log entry
- From: Keith Roberts
- Re: Strange Apache log entry
- From: Gilbert Sebenste
- Re: Strange Apache log entry
- From: Gordon Messmer
- Re: Strange Apache log entry
- From: Keith Roberts
- Re: Strange Apache log entry
- From: Gordon Messmer
- Re: Strange Apache log entry
- From: Keith Roberts
- Strange Apache log entry
- Prev by Date: Re: slightly OT: dban
- Next by Date: Re: Freezing gnome terminals...
- Previous by thread: Re: Strange Apache log entry
- Next by thread: Re: Strange Apache log entry
- Index(es):
 |