Bugtraq mailing list archives
Re: Possible bug in PHPNuke and other CMS
From: Luca Falavigna <fala83 () libero it>
Date: Tue, 01 Jun 2004 19:13:53 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alexander GQ Gerasiov ha scritto: | | I'm sure that such problems must be fixed not with some hacks like | yours (checking domain name), but with webserver configuration (uid | and permissions, php abilities (like safe mode or open_base_dir | option) etc.) | File permissions must always permit execution of php pages by web servers. And symlink is followed and code executed because web servers must have access to that directory and code. We can operate with php security options too and obtain the same result but what if we cannot modify them? We are uncovered!!! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEVAwUBQLy5UPTtdJayrm9xAQJYsggAjH3AAqT6olYdcnK6Oon91TtPDk96ajSC JCJbqcdjRgGeOWq7YczYvysr7ff/splZZ6f1wMWbJwcmFntE/gWdRmU2+Y0/4sHv P4w9Cymmdhhc8E91KqYUfJNYFqWhGfdjaCsZ6p+8tj/+hm/ZPWFuU+2mI+8T4S6i lEEveVl3DiUfG4oxImOyn/6vAgmUcnMkL/qm+TpSqItPd22Q3rP7gagXbJBn8U34 lKjQHy8KhJeEh8NZ4bQ6BR7My3iHFigOcA3sbN+vDnsptz+TIIhKfF2R1vvEOjcd 2YICuxiio7hHN/VkmJP++OazuWIUr5lDQuJIOwszfI0ozwalRQ9X/Q== =41ma -----END PGP SIGNATURE-----
Current thread:
- Re: Possible bug in PHPNuke and other CMS Peter Hagstrøm (Jun 01)
- <Possible follow-ups>
- Re: Possible bug in PHPNuke and other CMS Alexander GQ Gerasiov (Jun 01)
- Re: Possible bug in PHPNuke and other CMS Luca Falavigna (Jun 01)
- Re: Possible bug in PHPNuke and other CMS BlueRaven (Jun 04)
- Re: Possible bug in PHPNuke and other CMS Luca Falavigna (Jun 01)