PHP is not the only language susceptible to x-browser attacks... seems
unfair to single it out.
And as previously pointed out, many times it is the developer's fault for
writing that insecure code.
Bastien
From: "JupiterHost.Net" <mlists@xxxxxxxxxxxxxxx>
To: php-db@xxxxxxxxxxxxx
Subject: Re: Re: Sending filing attachments using PHP
Date: Fri, 12 May 2006 18:53:13 -0500
Stut wrote:
I think we may have to agree to disagree. I love PHP. I've never had a
Ah I completely forgot about this sort of fun thing that I find in my email
almost once a week, just got this one:
http://forums.gentoo.org/viewtopic-t-460727.html
Now how many phpinfo() pages do you think there are, and how many are
vulnerable to the cross-site scripting attack?
So this report means you have to upgrade your binary and it addresses:
- system level problems (buffer overflow, memory leak, potential crash)
- web based security attacks (cross-site scripting)
- code based security attacks (restriction bypasses)
*exactly* the sort of stuff that's jaded me :)
Time to upgrade each install of PHP on all 13 servers :)
The phpinfo() reminds me of the one they had where a PHP file with only
this line:
<? phpinfo(); ?>
would allow an attacker to upload a rootkit and damage the system,
saaaweeet ;p
or a cross site scripting/SQL injection thing that'd allow people to post
HTML to your site and make it show whatever they wanted...
good times, good times
Peace everyone, it's been really fun :)
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php