|
|
Posted by Jim Carlock on 02/28/06 08:03
I can't find the link right at the moment, but somewhere I read
something about magic_quotes settings in the PHP.INI file.
The current settings on the XP machine...
<snip>
; Magic quotes
;
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = On
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off
;...
;added php_mime_magic.dll to test mime_content_type() function
extension=php_mime_magic.dll
</snip>
I enabled the php_mime_magic.dll on the XP machine.
The Apache server lists mod_mime_magic as a loaded module.
On the aquaticcreationsnc.com server (run by some webhosting
company) the settings read the same:
magic_quotes_gpc = On
magic_quotes_runtime = Off
magic_quotes_sybase = Off
Apache Loaded Modules (displayed through phpinfo();)...
mod_mime_magic
And there is one a Directive listed in both configurations as:
<Directive name="safe_mode_allowed_env_vars" content="Local Value=PHP_" />
Anyways, Google is appearantly vulnerable to the XSS
(cross site scripting) attacks as well. In fact, I noticed some
strange things happening with Google and their cached pages.
There seems to be quite a bit of information available here...
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December.txt
I'm lost. Hopefully someone knows what's going on and can help
out.
Jim Carlock
Raleigh+Swimming+Pool+Builders++http://aquaticcreationsnc.com/
Post replies to the group.
Navigation:
[Reply to this message]
|