On Wed, Mar 5, 2008 at 4:58 AM, Pieter du Toit <pieter@xxxxxxxxxxxxxxxxx> wrote:
And unless you have your (Apache|IIS|etc.) web server set to
disable direct-access and/or web serving of *.inc files, you should
change these to *.php or *.inc.php files ASAP. Especially the first.
You're looking at a potentially severe security vulnerability there,
depending on what userpass.inc contains (at which I can take a guess).
> <? include ("userpass.inc"); ?>
> <? include ("body_begin.inc"); ?>
> <? include ("body_end.inc"); ?>
--
</Dan>
Daniel P. Brown
Senior Unix Geek
<? while(1) { $me = $mind--; sleep(86400); } ?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
