WebApp Sec mailing list archives
Re: Mambo, Coppermine and PHPBB Attacks
From: Paul Laudanski <zx () castlecops com>
Date: Tue, 20 Dec 2005 17:15:43 -0500 (EST)
On Tue, 20 Dec 2005, Tofik Suleymanov wrote:
> From php.ini
> "Whether to allow the treatment of URLs (like http:// or ftp://) as files."
>
> In latest versions of php this option is set to secure mode of operation by default (as far as I know):
>
> allow_url_fopen = Off
>
> This option prevents such type of attacks.

Just so that we can set the record straight I checked the manual at php.net.

Reference: http://us2.php.net/filesystem

allow_url_fopen by default is set to On.

--
Paul Laudanski, Microsoft MVP Windows-Security
[cal] http://events.castlecops.com
[de] http://de.castlecops.com
[en] http://castlecops.com
[wiki] http://wiki.castlecops.com
[family] http://cuddlesnkisses.com
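
The point of the exchange above matters when auditing a server: if the directive is missing or commented out in php.ini, the built-in default applies, and per the manual reference in the reply that default is On. The following is an added example, not part of either message; the function names and the sample php.ini fragments are constructed for illustration, and the parser covers only the simple `name = value` form of this one directive.

```python
import re

# Built-in default used when php.ini does not set the directive
# (the value stated in the reply above, from the PHP manual).
DEFAULT_ALLOW_URL_FOPEN = True

_TRUE_WORDS = {"on", "true", "yes"}  # php.ini boolean keywords


def _to_bool(value):
    """Interpret a php.ini boolean value (keyword or integer)."""
    value = value.strip().strip("\"'").lower()
    if value in _TRUE_WORDS:
        return True
    return value.isdigit() and int(value) != 0


def effective_allow_url_fopen(ini_text):
    """Return (enabled, source) for allow_url_fopen given php.ini contents."""
    enabled, source = DEFAULT_ALLOW_URL_FOPEN, "built-in default"
    for lineno, raw in enumerate(ini_text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        m = re.match(r"allow_url_fopen\s*=\s*(.*)$", line)
        if m:
            # A later assignment overrides an earlier one.
            enabled, source = _to_bool(m.group(1)), "line %d" % lineno
    return enabled, source


# Constructed sample files (not taken from any real server).
SAMPLES = {
    "commented_out": "[PHP]\n; allow_url_fopen = Off\nengine = On\n",
    "explicit_off": "[PHP]\nallow_url_fopen = Off ; hardened\n",
    "overridden": "allow_url_fopen = On\nallow_url_fopen = 0\n",
    "quoted_one": 'allow_url_fopen = "1"\n',
}


def audit(samples):
    """Map each sample name to its effective (enabled, source) pair."""
    return {name: effective_allow_url_fopen(text) for name, text in samples.items()}


if __name__ == "__main__":
    for name, (enabled, source) in audit(SAMPLES).items():
        state = "On (URL wrappers usable by fopen/include)" if enabled else "Off"
        print("%-14s %s, from %s" % (name, state, source))
```

The `commented_out` case is the one a simple search for "allow_url_fopen = On" misses: nothing in the file enables the option, yet it is in effect.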