Bugtraq mailing list archives
Re: Critical phpwiki c99shell exploit
From: Taneli Leppä <taneli () crasman fi>
Date: Mon, 16 Apr 2007 13:29:01 +0300
Hello, Gadi Evron wrote:
This is a good best practice, but it doesn't hold water long range. Further, where do you disallow these extensions? In the application? Mostly what the bad guys would do is upload, say.. .jpg, and then rename it.
This is what I do in Apache to directories used to store user uploaded files: <Directory "/var/www/html/application/uploaded"> php_admin_flag engine off </Directory> -- Taneli Leppä | Crasman Co Ltd <taneli () crasman fi> | <http://www.crasman.fi/>
Current thread:
- Critical phpwiki c99shell exploit rurban (Apr 12)
- Re: Critical phpwiki c99shell exploit Gadi Evron (Apr 12)
- RE: Critical phpwiki c99shell exploit Ryan Neufeld (Apr 12)
- Re: Critical phpwiki c99shell exploit Taneli Leppä (Apr 16)
- Re: Critical phpwiki c99shell exploit Jamie Riden (Apr 12)
- Re: Critical phpwiki c99shell exploit Gadi Evron (Apr 12)