Welcome to WebmasterWorld Guest from 54.226.25.231

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

php fileupload vulnerability

     

starec

11:26 am on Feb 28, 2002 (gmt 0)

10+ Year Member



For people using php, I received today a cert advisory about the upload vulnerability. You might want to consider an upgrade or disabling the uploads before it's too late:)

sugarkane

12:02 pm on Feb 28, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks for that - you don't have a URL handy do you?

starec

12:07 pm on Feb 28, 2002 (gmt 0)

10+ Year Member



Sure I do. Forgot to include it in the first post.
[security.e-matters.de...]

David

9:14 pm on Mar 2, 2002 (gmt 0)

10+ Year Member



Thanks for the heads up!

I have two servers and was going to do the quick fix for today with the..

file_upload = off in the php.ini file.

My php 4.06 ini has a section for file uploads with the easy fix of changing on to off.

I also have php 4.0.3pl1. It has in the paths section of the ini file the place to adjust the upload file size and a line to adjust the destination directory. But no where can I find the File_upload line to turn it off.

Does any one know if this line should be there in this version ?

I would just do a quick upgrade but there is nothing normal about this servers setup. It seems like who ever set it up the first time changed all the default install directories so a "configure" "make" "install" never goes smoothe.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month