Home page logo
/

basics logo Security Basics mailing list archives

RE: PHP Security Risk?
From: "AndrewC" <andrew () whirlow plus com>
Date: Thu, 2 Dec 2004 20:12:21 -0000


Most PHP programs with file upload capabilities could allow a remote
attacker to manipulate the program into opening arbitrary files on the
server. A vulnerability in the way file uploads are handled could allow a
remote attacker to gain read access to any file on the server that the user
running the Web server can access (usually "nobody"). This could allow an
attacker to view sensitive information, such as PHP code or database
information. I am not sure of the specifics of PHP 5 but have a look at the
link below for specifics on file upload.

http://uk.php.net/manual/en/features.file-upload.php


Good Luck

Andrew Craig

A+ N+ MCSE CCNA



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]