mailing list archives
Re: phptonuke allows Remote File Retrieving
From: BlueRaven <blueraven () libero it>
Date: Thu, 17 Oct 2002 09:35:52 +0200
On Thu, Oct 17, 2002 at 05:50:10AM +0800, Zero-X ScriptKiddy wrote:
The file "phptonuke.php" from myphpnuke allows Remote File Retrieving.
This is not really a specific vulnerability in the application, but a more
general PHP feature: by default, it is possible to open any world readable
You can override this by using openbase_dir setting in php.ini and
restricting file operations to a specified subset of paths.
There are only 10 types of people in this world...
those who understand binary, and those who don't.