[pmwiki-users] Moving PmWiki session out of /tmp

Thomas -Balu- Walter list+pmwiki-users at b-a-l-u.de
Mon Nov 28 05:04:32 CST 2005

On Mon, Nov 28, 2005 at 09:39:21AM +0100, Joachim Durchholz wrote:
> Ben Wilson schrieb:
> >Now to see if somehow the hacker finds access 
> >to that directory. :-)
> Disallow WWW access to that directory.

That won't help. If the attacker can include a remote file (aka
include('http://...');) then he can access any file the webserver can.

There are lots of examples for PHP based file browsers that enable to
walk through a webservers directory structure just like windows users do
in the Explorer.


More information about the pmwiki-users mailing list