mailing list archives
RE: PHP Security Risk?
From: "AndrewC" <andrew () whirlow plus com>
Date: Thu, 2 Dec 2004 20:12:21 -0000
Most PHP programs with file upload capabilities could allow a remote
attacker to manipulate the program into opening arbitrary files on the
server. A vulnerability in the way file uploads are handled could allow a
remote attacker to gain read access to any file on the server that the user
running the Web server can access (usually "nobody"). This could allow an
attacker to view sensitive information, such as PHP code or database
information. I am not sure of the specifics of PHP 5 but have a look at the
link below for specifics on file upload.
A+ N+ MCSE CCNA