Re: How to work around FORM method="post" changing "." to "_" please? — PHP Programming Language

You are here: Re: How to work around FORM method="post" changing "." to "_" please? « PHP Programming Language « IT news, forums, messages

Posted by william.hooper on 10/14/07 17:57

I also trying to get my hear around:

http://www.attackers-r-us.com/nastycode

This translates to http://www.attackers-r-us.com/nastycode.php and
with allow_url_fopen enabled, this remote file will be included into
the script and executed. Note that the remote server would have to
serve php files as the raw script, instead of processing them with a
PHP module first, in order for this attack to be effective, or a
script would have to output PHP code ( readfile(realnastycode.php) for
instance).

Mechanisms such as the above allow attackers to execute any code they
desire on vulnerable web systems.

One simple way to prevent this style of attack is to disable
allow_url_fopen. This can be set in php.ini.

Navigation:

Next in forum: Re: OT: security
Prev in forum: Re: How to work around FORM method="post" changing "." to "_" please?
Thread view: Re: How to work around FORM method="post" changing "." to "_" please?

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация