WebApp Sec mailing list archives

PHP Security

From: "Greg Song" <bigrootno1 () gmail com>
Date: Tue, 18 Mar 2008 08:58:49 +0900

Hi all
Thesedays I'm analyzing the solarys system that using apache web
server and php. Of cause it hacked.
I could not find reason of some situation that the specified directory
are created over and over(it includes check.js)
Weblog record as below

xxx.xxx.xxx.xxx GET "/XXX/ahibix/check.js

Some pages can upload the file but it didn't work when I uploaded some php file.
I'm wondering how it makes some directories.
Any suggestin,ideas.
Thanks all

-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------

Current thread:

PHP Security Greg Song (Mar 18)
- Re: PHP Security Eduardo Tongson (Mar 18)
- Re: PHP Security Eric Marden (Mar 18)
  - Re: PHP Security Greg Song (Mar 18)
- <Possible follow-ups>
- Re: PHP Security Greg Song (Mar 18)