[thelist] PHP security hole
David Kutcher
david_kutcher at hotmail.com
Wed Feb 27 23:18:01 CST 2002
> It seems logical to blow this one off if you don't have any scripts that
> use file uploads
Huh, well, I have 2 web-based CMS products, both with a fairly wide
distribution... and all versions use php file uploads through a post.
Guess who just wrote a long detailed email to all of his clients and left a
voicemail on all of their business phones? You guessed it. (at midnight)
It's going to be a fun next 4 days. If they just discovered this one, I
unfortunately think there are going to be a few little ones in the next few
days as well.
Thankfully in my products' licensing agreement there's a clause guarding
against this.
David
www.confluentforms.com
More information about the thelist
mailing list