Re: New command execution vulnerability in myPhpAdmin

From: Heikki Korpela (hekoat_private)
Date: Tue Jul 31 2001 - 14:35:55 PDT

Next message: MARTAK,PAVEL (HP-Czechia,ex1): "FW: Entrust - getAccess"

Previous message: Carl Livitt: "Buffer overflow in BestCrypt for Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 31 Jul 2001, Mark Renouf wrote:

> I would HIGHLY
> recommend turning off  register_globals in php.ini (which is the default
> in set in php.ini-dist for php4+).

This is incorrect. Currently register_globals is by default
On, and most scripts out there assume that it is so. Whether or not
it will remain as so is still open for discussion.

Also see Rasmus Lerdorf's proposal:

	http://marc.theaimsgroup.com/?l=php-dev&m=99638397319055&w=2

-- 
<---------------------------------------------------------------------->
          Heikki Korpela -- hekoat_private -- http://iki.fi/heko/

Next message: MARTAK,PAVEL (HP-Czechia,ex1): "FW: Entrust - getAccess"
Previous message: Carl Livitt: "Buffer overflow in BestCrypt for Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 14:54:41 PDT