Full Disclosure: Re: FWD: PhotoPost vBGallery Important Security Bulletin

Re: FWD: PhotoPost vBGallery Important Security Bulletin

From: trains <trains () doctorunix com>
Date: Fri, 11 Jan 2008 09:42:32 -0600

Addendum to my ealier post:

Since php and perl and etc etc are all vulnerable, and php files can  
have many file suffixes beside (.php), perhaps the better <Files>  
statement would just allow images and deny everything else:

  <Files ~ "\.(gif|jpe?g|png)$">

or maybe

  <FilesMatch "\.(gif|jpe?g|png)$">

You get the idea.

tr


-------------------------------------------------
Email solutions, MS Exchange alternatives and extrication,
security services, systems integration.
Contact:    services () doctorunix com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

FWD: PhotoPost vBGallery Important Security Bulletin ad () heapoverflow com (Jan 11)
- Re: FWD: PhotoPost vBGallery Important Security Bulletin trains (Jan 11)
  - Re: FWD: PhotoPost vBGallery Important Security Bulletin trains (Jan 11)
    - Re: FWD: PhotoPost vBGallery ImportantSecurity Bulletin php0t (Jan 11)
    - Re: FWD: PhotoPost vBGallery ImportantSecurity Bulletin trains (Jan 11)