homepage Welcome to WebmasterWorld Guest from 54.211.80.155
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
php fileupload vulnerability
starec




msg:1313207
 11:26 am on Feb 28, 2002 (gmt 0)

For people using php, I received today a cert advisory about the upload vulnerability. You might want to consider an upgrade or disabling the uploads before it's too late:)

 

sugarkane




msg:1313208
 12:02 pm on Feb 28, 2002 (gmt 0)

Thanks for that - you don't have a URL handy do you?

starec




msg:1313209
 12:07 pm on Feb 28, 2002 (gmt 0)

Sure I do. Forgot to include it in the first post.
[security.e-matters.de...]

David




msg:1313210
 9:14 pm on Mar 2, 2002 (gmt 0)

Thanks for the heads up!

I have two servers and was going to do the quick fix for today with the..

file_upload = off in the php.ini file.

My php 4.06 ini has a section for file uploads with the easy fix of changing on to off.

I also have php 4.0.3pl1. It has in the paths section of the ini file the place to adjust the upload file size and a line to adjust the destination directory. But no where can I find the File_upload line to turn it off.

Does any one know if this line should be there in this version ?

I would just do a quick upgrade but there is nothing normal about this servers setup. It seems like who ever set it up the first time changed all the default install directories so a "configure" "make" "install" never goes smoothe.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved