Stut wrote:
I think we may have to agree to disagree. I love PHP. I've never had a
Ah I completely forgot about this sort of fun thing that I find in my
email almost once a week, just got this one:
http://forums.gentoo.org/viewtopic-t-460727.html
Now how many phpinfo() pages do you think there are and how many are
vulnerable to the cross-site scripting attack?
So this report means you have to upgrade your binary and it addresses:
- system level problems (buffer overflow, memory leak, potential crash)
- web based security attacks (cross-site scripting)
- code based security attacks (restriction bypasses)
*exactly* the sort of stuff that's jaded me :)
Time to upgrade each install of PHP on all 13 servers :)
The phpinfo() reminds me of the one they had where a php file with only
this line:
<? phpinfo(); ?>
would allow an attacker to upload a rootkit and damage the system,
saaaweeet ;p
or a cross site scripting/SQL injection thing that'd allow people to
post HTML to your site and make it show whatever they wanted...
good times, good times
Peace everyone, it's been really fun :)
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php