Re: Re: Sending filing attachments using PHP


 



php is not the only language susceptible to x-browser attacks... seems unfair to single it out.

And as previously pointed out, many times it is the developer's fault for writing that insecure code

Bastien


From: "JupiterHost.Net" <mlists@xxxxxxxxxxxxxxx>
To: php-db@xxxxxxxxxxxxx
Subject: Re:  Re: Sending filing attachments using PHP
Date: Fri, 12 May 2006 18:53:13 -0500



Stut wrote:
I think we may have to agree to disagree. I love PHP. I've never had a

Ah I completely forgot about this sort of fun thing that I find in my email almost once a week, just got this one:

http://forums.gentoo.org/viewtopic-t-460727.html

Now how many phpinfo() pages do you think there are, and how many are vulnerable to the cross-site scripting attack?

So this report means you have to upgrade your binary and it addresses:
 - system level problems (buffer overflow, memory leak, potential crash)
 - web based security attacks (cross-site scripting)
 - code based security attacks (restriction bypasses)

*exactly* the sort of stuff that's jaded me :)

Time to upgrade each install of PHP on all 13 servers :)

The phpinfo() reminds me of the one they had where a PHP file with only this line:

 <? phpinfo(); ?>

would allow an attacker to upload a rootkit and damage the system, saaaweeet ;p

or a cross site scripting/SQL injection thing that'd allow people to post HTML to your site and make it show whatever they wanted...

good times, good times

Peace everyone, it's been really fun :)

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



