|
|
Posted by Leopold Stotch on 02/28/06 13:28
Jim Carlock wrote:
> I can't find the link right at the moment, but somewhere I read
> something about magic_quotes settings in the PHP.INI file.
>
http://tinyurl.com/jajd3 may be what you were thinking of.
> The current settings on the XP machine...
>
> <snip>
> ; Magic quotes
> ;
>
> ; Magic quotes for incoming GET/POST/Cookie data.
> magic_quotes_gpc = On
>
> ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
> magic_quotes_runtime = Off
>
> ; Use Sybase-style magic quotes (escape ' with '' instead of \').
> magic_quotes_sybase = Off
> ;...
> ;added php_mime_magic.dll to test mime_content_type() function
> extension=php_mime_magic.dll
> </snip>
>
> I enabled the php_mime_magic.dll on the XP machine.
> The Apache server lists mod_mime_magic as a loaded module.
>
> On the aquaticcreationsnc.com server (run by some webhosting
> company) the settings read the same:
>
> magic_quotes_gpc = On
> magic_quotes_runtime = Off
> magic_quotes_sybase = Off
>
> Apache Loaded Modules (displayed through phpinfo();)...
> mod_mime_magic
>
> And there is one a Directive listed in both configurations as:
> <Directive name="safe_mode_allowed_env_vars" content="Local Value=PHP_" />
>
> Anyways, Google is appearantly vulnerable to the XSS
> (cross site scripting) attacks as well. In fact, I noticed some
> strange things happening with Google and their cached pages.
>
> There seems to be quite a bit of information available here...
> http://lists.grok.org.uk/pipermail/full-disclosure/2005-December.txt
>
> I'm lost. Hopefully someone knows what's going on and can help
> out.
>
> Jim Carlock
> Raleigh+Swimming+Pool+Builders++http://aquaticcreationsnc.com/
> Post replies to the group.
>
>
Navigation:
[Reply to this message]
|