WebApp Sec mailing list archives
Re: Mambo, Coppermine and PHPBB Attacks
From: Paul Laudanski <zx () castlecops com>
Date: Sun, 25 Dec 2005 19:29:37 -0500 (EST)
On Mon, 26 Dec 2005, Yasuo Ohgaki wrote:
But I don't insist nx bit support is useless.
I'm not sure I follow this one? Are you meaning: http://en.wikipedia.org/wiki/NX_bit
Anyway, most php script do not need remote script execution feature. And even with SELinux, it cannot prevent to execute remote code while access to local file could be rejected and reported. Making allow_url_fopen useless is bad thing.
Can you expand on this one please, or are you throwing it back to your original reply? -- Paul Laudanski, Microsoft MVP Windows-Security [cal] http://events.castlecops.com [de] http://de.castlecops.com [en] http://castlecops.com [wiki] http://wiki.castlecops.com [family] http://cuddlesnkisses.com
Current thread:
- Mambo, Coppermine and PHPBB Attacks Mark Ryan del Moral Talabis (Dec 18)
- RE: Mambo, Coppermine and PHPBB Attacks John Cobb (Dec 19)
- Re: Mambo, Coppermine and PHPBB Attacks Paul Laudanski (Dec 20)
- Re: Mambo, Coppermine and PHPBB Attacks Tofik Suleymanov (Dec 20)
- Re: Mambo, Coppermine and PHPBB Attacks Paul Laudanski (Dec 21)
- Re: Mambo, Coppermine and PHPBB Attacks Yasuo Ohgaki (Dec 24)
- Re: Mambo, Coppermine and PHPBB Attacks Paul Laudanski (Dec 24)
- Re: Mambo, Coppermine and PHPBB Attacks Yasuo Ohgaki (Dec 25)
- Re: Mambo, Coppermine and PHPBB Attacks Paul Laudanski (Dec 25)
- Re: Mambo, Coppermine and PHPBB Attacks Yasuo Ohgaki (Dec 29)
- Re: Mambo, Coppermine and PHPBB Attacks ascii (Dec 29)
- Re: Mambo, Coppermine and PHPBB Attacks Andrew van der Stock (Dec 29)
- Re: Mambo, Coppermine and PHPBB Attacks Tofik Suleymanov (Dec 20)
- Re: Mambo, Coppermine and PHPBB Attacks Jack Tennessee (Dec 22)