Security Basics mailing list archives
RE: PHP Security Risk?
From: "AndrewC" <andrew () whirlow plus com>
Date: Thu, 2 Dec 2004 20:12:21 -0000
Most PHP programs with file upload capabilities could allow a remote attacker to manipulate the program into opening arbitrary files on the server. A vulnerability in the way file uploads are handled could allow a remote attacker to gain read access to any file on the server that the user running the Web server can access (usually "nobody"). This could allow an attacker to view sensitive information, such as PHP code or database information. I am not sure of the specifics of PHP 5 but have a look at the link below for specifics on file upload. http://uk.php.net/manual/en/features.file-upload.php Good Luck Andrew Craig A+ N+ MCSE CCNA
Current thread:
- PHP Security Risk? Stephane Auger (Dec 02)
- Re: PHP Security Risk? John GALLET (Dec 03)
- Re: PHP Security Risk? Greg Donald (Dec 03)
- Re: PHP Security Risk? q q (Dec 06)
- Re: PHP Security Risk? Daniel Rubio (Dec 09)
- Re: PHP Security Risk? John GALLET (Dec 07)
- Re: PHP Security Risk? Greg Donald (Dec 03)
- Re: PHP Security Risk? John GALLET (Dec 03)
- Re: PHP Security Risk? Simon (Dec 03)
- RE: PHP Security Risk? AndrewC (Dec 03)
- Re: PHP Security Risk? Andrew Smith (Dec 03)