[pmwiki-users] action=upload hacked ???
Christophe David
pmwiki at christophedavid.org
Fri May 4 14:46:01 CDT 2007
>
> Is the root directory of the field writable? If so, it shouldn't be.
It is indeed. Will change that.
That still doesn't explain where the files are coming from,
> but I suspect it's not as a result of the uploads capability.
>
> > I would appreciate it if someone would report a similar experience
> and
> > share his findings, or suggest a particular cookbook or combination
> of
> > settings that would allow the creation of these files.
>
> Perhaps you could help us narrow things down by letting us know
> what recipes and/or settings you're using...?
Here we go...
ActionLog.php
authuser.php
charts.php
emenu.php
enablehtml.php
e-protect.php
expirediff.php
FlashMindMap.php
includeSite.php
pmwiki2pdf.php
postitnotes.php
rssdisplay.php
searchterms.php
sourceblock.php
stylepage.php
VisitorsLogging.php
Unfortunately, the accesslog retention period is such that I missed the
lines for the moment these files were created.
I intend to check for the existence of such files more often and try to find
in the access log which page/action was used.
Christophe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20070504/dfadd535/attachment-0001.html
More information about the pmwiki-users
mailing list