[pmwiki-users] pmwiki exploit
webmaster at insteps.net
Wed Sep 6 02:56:39 CDT 2006
On Tuesday 05 September 2006 19:55, Patrick R. Michaud wrote:
> On Wed, Sep 06, 2006 at 12:38:59AM +1200, Robin Sheat wrote:
> > On Wednesday 06 September 2006 00:17, Nils Knappmeier wrote:
> > > I verified it, and it really works.
> > Of course, most people should have register_globals=off in their php.ini
> > file, which will prevent this happening at all. If you don't, now is a
> > good time to check if you can happily run with it off. Many PHP
> > application exploits require it to be 'on' to be effective.
> If you don't have privileges to adjust the php.ini file directly,
> you might try adjusting it in .htaccess:
>     php_flag register_globals off
Thanks for the warnings.
It's amazing how my webspace provider had left this variable on. If I am not
mistaken this variable got to be off by default in PHP 4.2 and above.
> One can use ?action=phpinfo (with $EnableDiag = 1 set) to
> determine if register_globals is indeed set to 'off'.
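An added example, not part of the original thread: a Python check of what the two files mentioned above (php.ini and .htaccess) say about register_globals. It assumes mod_php with .htaccess overrides allowed and ignores php_admin_flag and per-directory ini sections; the function names and sample files are constructed for illustration.

```python
import re

INI_TRUE = {"1", "on", "yes", "true"}   # php.ini boolean spellings for "enabled"
FLAG_TRUE = {"1", "on"}                 # php_flag accepts only On or 1 as "enabled"

def ini_setting(text, name="register_globals"):
    """Last uncommented `name = value` line in php.ini text; None if absent."""
    found = None
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # ';' starts a php.ini comment
        m = re.match(rf"{re.escape(name)}\s*=\s*(.*)$", line, re.I)
        if m:
            found = m.group(1).strip().strip("\"'").lower() in INI_TRUE
    return found

def htaccess_setting(text, name="register_globals"):
    """Last `php_flag name value` line in .htaccess text; None if absent."""
    found = None
    for line in text.splitlines():
        m = re.match(rf"\s*php_flag\s+{re.escape(name)}\s+(\S+)", line, re.I)
        if m:                                     # '#' comment lines never match
            found = m.group(1).lower() in FLAG_TRUE
    return found

def effective(php_ini, htaccess=""):
    """Return (enabled, source); a per-directory php_flag wins over php.ini."""
    for source, value in ((".htaccess", htaccess_setting(htaccess)),
                          ("php.ini", ini_setting(php_ini))):
        if value is not None:
            return value, source
    return None, "not set"

# Constructed sample files for the demonstration.
SAMPLE_INI = """[PHP]
; register_globals = Off
register_globals = On   ; left enabled by the hosting provider
"""
SAMPLE_HTACCESS = """# local override
php_flag register_globals off
"""

if __name__ == "__main__":
    print(effective(SAMPLE_INI))                   # php.ini alone
    print(effective(SAMPLE_INI, SAMPLE_HTACCESS))  # with the .htaccess override
```

A result of `(None, "not set")` means neither file sets the flag, so the PHP version's built-in default applies; the `?action=phpinfo` page remains the authoritative view of the running value.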