Re: How to work around FORM method="post" changing "." to "_" please?
- From: william.hooper@xxxxxxxxx
- Date: Sun, 14 Oct 2007 10:57:59 -0700
I also trying to get my hear around:
http://www.attackers-r-us.com/nastycode
This translates to http://www.attackers-r-us.com/nastycode.php and
with allow_url_fopen enabled, this remote file will be included into
the script and executed. Note that the remote server would have to
serve php files as the raw script, instead of processing them with a
PHP module first, in order for this attack to be effective, or a
script would have to output PHP code ( readfile(realnastycode.php) for
instance).
Mechanisms such as the above allow attackers to execute any code they
desire on vulnerable web systems.
One simple way to prevent this style of attack is to disable
allow_url_fopen. This can be set in php.ini.
.
- Follow-Ups:
- Re: OT: security
- From: Rik Wasmus
- Re: OT: security
- References:
- How to work around FORM method="post" changing "." to "_" please?
- From: william . hooper
- Re: How to work around FORM method="post" changing "." to "_" please?
- From: Lars Eighner
- Re: How to work around FORM method="post" changing "." to "_" please?
- From: william . hooper
- Re: How to work around FORM method="post" changing "." to "_" please?
- From: william . hooper
- Re: How to work around FORM method="post" changing "." to "_" please?
- From: william . hooper
- Re: How to work around FORM method="post" changing "." to "_" please?
- From: Lars Eighner
- Re: How to work around FORM method="post" changing "." to "_" please?
- From: Rik Wasmus
- Re: How to work around FORM method="post" changing "." to "_" please?
- From: william . hooper
- Re: How to work around FORM method="post" changing "." to "_" please?
- From: Rik Wasmus
- Re: How to work around FORM method="post" changing "." to "_" please?
- From: william . hooper
- Re: How to work around FORM method="post" changing "." to "_" please?
- From: Rik Wasmus
- Re: How to work around FORM method="post" changing "." to "_" please?
- From: william . hooper
- Re: How to work around FORM method="post" changing "." to "_" please?
- From: Rik Wasmus
- Re: How to work around FORM method="post" changing "." to "_" please?
- From: william . hooper
- How to work around FORM method="post" changing "." to "_" please?
- Prev by Date: Re: How to work around FORM method="post" changing "." to "_" please?
- Next by Date: Re: OT: security
- Previous by thread: Re: How to work around FORM method="post" changing "." to "_" please?
- Next by thread: Re: OT: security
- Index(es):
Relevant Pages
|
