[CentOS] Strange Apache log entry
Gordon Messmer
yinyang at eburg.com
Fri Aug 27 21:27:50 UTC 2010
On 08/26/2010 03:29 AM, Keith Roberts wrote:
> register_globals is supposed to be off by default - so that
> should stop any global variables being injected.
Doesn't matter. The vulnerability discussed is one where a PHP
application actually takes the name of a file as input from the client.
If your application does that and does not sanitize the path then it
ends up vulnerable to code injection from the user.
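
The pattern described in the message above, as an added example that is not part of the original post: a client-chosen include beside a version that validates the name and confines the resolved path. The `page` parameter, `PAGE_DIR`, `resolve_page` and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Vulnerable pattern: the client names the file to include. register_globals
// being off changes nothing, because the value is read explicitly:
//     include $_GET['page'];

const PAGE_DIR = __DIR__ . '/pages';   // assumed directory of includable files

/**
 * Map a client-supplied page name to a file under $baseDir,
 * or return null when the name is not acceptable.
 */
function resolve_page(string $name, string $baseDir = PAGE_DIR): ?string
{
    // Accept only a short plain identifier: no slashes, dots, NUL bytes
    // or URL schemes can get through this pattern.
    if (!preg_match('/\A[a-z0-9_-]{1,64}\z/i', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null;                   // directory or file does not exist
    }
    // Defence in depth: after symlinks are resolved, the file must still
    // live inside the base directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// In a request handler (sketch):
//     $file = resolve_page($_GET['page'] ?? 'home');
//     if ($file === null) { http_response_code(404); exit; }
//     include $file;

// Stand-alone demo over constructed inputs, using a throwaway directory.
$dir = sys_get_temp_dir() . '/pages_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/home.php', "<?php echo 'home';");
$samples = ['home', '../../etc/passwd', 'http://example.invalid/x', "home\0.txt", 'missing'];
foreach ($samples as $in) {
    $verdict = resolve_page($in, $dir) === null ? 'rejected' : 'allowed';
    printf("%-28s => %s\n", json_encode($in), $verdict);
}
unlink($dir . '/home.php');
rmdir($dir);
```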