[pmwiki-users] pmwiki exploit

V.Krishn webmaster at insteps.net
Wed Sep 6 02:56:39 CDT 2006


On Tuesday 05 September 2006 19:55, Patrick R. Michaud wrote:
> On Wed, Sep 06, 2006 at 12:38:59AM +1200, Robin Sheat wrote:
> > On Wednesday 06 September 2006 00:17, Nils Knappmeier wrote:
> > > I verified it, and it really works.
> >
> > Of course, most people should have register_globals=off in their php.ini
> > file, which will prevent this happening at all. If you don't, now is a
> > good time to check if you can happily run with it off. Many PHP
> > application exploits require it to be 'on' to be effective.
>
> If you don't have privileges to adjust the php.ini file directly,
> you might try adjusting it in .htaccess:
>
>     php_flag register_globals off
Thanks for the warnings.
It's amazing how my webspace provider had left this variable on. If I am not
mistaken, this variable got to be off by default in PHP 4.2 and above.

V.Krishn
>
> One can use ?action=phpinfo (with $EnableDiag = 1 set) to
> determine if register_globals is indeed set to 'off'.
>
> Pm
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
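
The configuration check discussed in this thread, as an added example that is not part of the original messages: a Python sketch that reads php.ini and .htaccess text and reports the effective register_globals setting. The function names and sample file contents are constructed for illustration, and it assumes PHP runs as an Apache module that honours php_flag in .htaccess.

```python
import re

# Boolean spellings php.ini accepts as "true"; php_flag documents only on/off.
INI_TRUE = {"1", "on", "yes", "true"}
FLAG_TRUE = {"1", "on"}


def from_php_ini(text):
    """Last register_globals assignment in php.ini text, or None if absent."""
    result = None
    for line in text.splitlines():
        line = line.split(";", 1)[0]  # ';' starts a php.ini comment
        m = re.match(r"\s*register_globals\s*=\s*(\S+)", line)
        if m:
            result = m.group(1).strip("\"'").lower() in INI_TRUE
    return result


def from_htaccess(text):
    """Last 'php_flag register_globals ...' line in .htaccess text, or None."""
    result = None
    for line in text.splitlines():
        # Lines starting with '#' are comments and never match this pattern.
        m = re.match(r"\s*php_flag\s+register_globals\s+(\S+)", line, re.I)
        if m:
            result = m.group(1).lower() in FLAG_TRUE
    return result


def effective(php_ini, htaccess=""):
    """A per-directory php_flag overrides php.ini; None means neither file sets it."""
    per_dir = from_htaccess(htaccess)
    return per_dir if per_dir is not None else from_php_ini(php_ini)


# Constructed sample files (not taken from any real host).
SAMPLE_INI = "; constructed sample\nregister_globals = On\n"
SAMPLE_HTACCESS = "# constructed sample\nphp_flag register_globals off\n"

if __name__ == "__main__":
    for label, ht in (("php.ini only", ""), ("with .htaccess", SAMPLE_HTACCESS)):
        state = effective(SAMPLE_INI, ht)
        print(label, "->", {True: "ON", False: "off", None: "not set"}[state])
```

A result of None means neither file sets the directive, so the value depends on the PHP build's default; the phpinfo output mentioned above remains the authoritative check of what the running server uses.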



