Re: (php?) bug exploit report
On 19 Jan 2004, Csan wrote:
> The URL is part of a postnuke site and they could start up the telnetd binary
> by invoking a URL similar to the above URL!
> Is this a known sechole?
I think you should be able to avoid such exploits by using PHP's safe
mode. It allows you, among other things, to specify that only files in
a particular directory may be executed. This way, even if someone
succeeds in uploading an exploit onto your server, he won't be able to run