On 27/12/14 13:47, Stuart Dallas wrote:
> Came across this today and thought it might be of interest. Some food for thought at the very least.
>
> http://vimeo.com/11213607
>
> Note that the whole scenario starts with a lack of adequate MySQL escaping. The smallest vulnerability can lead to a massive intrusion.
>
> -Stuart

This is pretty old and realistically, with any half-well implemented server, the worst an SQL injection can do is read from the database. The reverse shell script (that we don't see) would not work on the vast majority of hosts, which would stop this in its tracks very early on. Besides, who still uses FTP and virtual users?

Gibbs

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php