NYCPHP Meetup

[Chris Shiflett]

mikesz at qualityadvantages.com wrote:
> Hello, I am trying to research an issue about PHP_SELF and was
> wondering if anyone knew the currently status of this exploit.
> I read a description of the exploit that was a couple of years
> old but can not find any "current" status of the bug, even on
> the php.net bug tracking.

It's not a bug. It's a vulnerability that you can create in your own
applications if you blindly trust $_SERVER['PHP_SELF'].

Don't do that.

Chris

-- 
Chris Shiflett
http://shiflett.org/