Re: php vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Shafiq Rehman wrote:
Thanx to all of you. My server is running on Linux and there is not any phpbb running on it. If vulnerability is in my code.. Is there any way that I can find the buggy code on my server which allowed that trojan to write into all the index files.

To start with, take a look at any filesystem or shell calls you make and ensure that all parameters that are sourced from user input are properly checked to ensure that the user hasn't entered something they shouldn't've. For example "../../../etc/passwd" to a file_get_contents() call.

Jasper

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux