[pmwiki-users] pmwiki exploit
Patrick R. Michaud
pmichaud at pobox.com
Tue Sep 5 09:25:59 CDT 2006
On Wed, Sep 06, 2006 at 12:38:59AM +1200, Robin Sheat wrote:
> On Wednesday 06 September 2006 00:17, Nils Knappmeier wrote:
> > I verified it, and it really works.
> Of course, most people should have register_globals=off in their php.ini file,
> which will prevent this happening at all. If you don't, now is a good time to
> check if you can happily run with it off. Many PHP application exploits
> require it to be 'on' to be effective.
If you don't have privileges to adjust the php.ini file directly,
you might try adjusting it in .htaccess:

    php_flag register_globals off

One can use ?action=phpinfo (with $EnableDiag = 1 set) to
determine if register_globals is indeed set to 'off'.