Bugtraq mailing list archives
Re: New command execution vulnerability in myPhpAdmin
From: Heikki Korpela <heko () iki fi>
Date: Wed, 1 Aug 2001 00:35:55 +0300 (EEST)
On Tue, 31 Jul 2001, Mark Renouf wrote:
I would HIGHLY recommend turning off register_globals in php.ini (which is the default in set in php.ini-dist for php4+).
This is incorrect. Currently register_globals is by default
On, and most scripts out there assume that it is so. Whether or not
it will remain as so is still open for discussion.
Also see Rasmus Lerdorf's proposal:
http://marc.theaimsgroup.com/?l=php-dev&m=99638397319055&w=2
--
<---------------------------------------------------------------------->
Heikki Korpela -- heko () iki fi -- http://iki.fi/heko/
Current thread:
- New command execution vulnerability in myPhpAdmin Carl Livitt (Jul 31)
- Re: New command execution vulnerability in myPhpAdmin Mark Renouf (Jul 31)
- Re: New command execution vulnerability in myPhpAdmin Heikki Korpela (Jul 31)
- Re: New command execution vulnerability in myPhpAdmin Mark Renouf (Jul 31)