[CentOS] Strange Apache log entry
Gordon Messmer
yinyang at eburg.comFri Aug 27 21:27:50 UTC 2010
- Previous message: [CentOS] Strange Apache log entry
- Next message: [CentOS] Strange Apache log entry
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 08/26/2010 03:29 AM, Keith Roberts wrote: > register_globals is supposed to be off by default - so that > should stop any global variables being injected. Doesn't matter. The vulnerability discussed is one where a PHP application actually takes the name of a file as input from the client. If your application does that and does not sanitize the path then it ends up vulnerable to code injection from the user.
- Previous message: [CentOS] Strange Apache log entry
- Next message: [CentOS] Strange Apache log entry
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list