Menu
▾
▴
[Phpwebsite-developers] Security Announcement
|
From: Wendall C. <wen...@to...> - 2005-02-25 00:26:54
|
Hey all. There was a security announcement on BUGTRAQ http://www.securityfocus.com/archive/1/391496/2005-02-21/2005-02-27/0 I tested and it is invalid. It can be exploited if you change the settings to allow for uploading of php files, which the submitter failed to mention. He also failed to mention OS/Server/PHP version as well. Maybe this does work on Personal Web Server for Windows 95, dunno. This should at least be a good example of why phpWebSite will never be permitted to insert code for any reason or in any form through the interface. Not sure how you want to respond to this Matt, but since it's already all over the internet, I'll just post it here and leave it up to you. Wendall |
