[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: (php?) bug exploit report

On 19 Jan 2004, Csan wrote:
> The URL is part of a postnuke site and they could start up the telnetd binary
> with invoking an URL similar to the above URL!
> Is this a known sechole?

I think you should be able to avoid such exploits by using PHP's safe
mode. It allow you, among other things, to specify that only files in
a particular directory may be executed. This way, even if someone
succeeds uploading an exploit onto your server, he won't be able to run



Reply to: