[nycphp-talk] Holiday Greetings to Everyone...

Joseph Crawford codebowl at gmail.com
Tue Dec 26 17:11:00 EST 2006


Chris,

Do you suggest hardcoding the filenames even when referencing the same file
that is executing?

On 12/26/06, Chris Shiflett <shiflett at php.net> wrote:
>
> mikesz at qualityadvantages.com wrote:
> > Hello, I am trying to research an issue about PHP_SELF and was
> > wondering if anyone knew the current status of this exploit.
> > I read a description of the exploit that was a couple of years
> > old but cannot find any "current" status of the bug, even on
> > the php.net bug tracking.
>
> It's not a bug. It's a vulnerability that you can create in your own
> applications if you blindly trust $_SERVER['PHP_SELF'].
>
> Don't do that.
>
> Chris
>
> --
> Chris Shiflett
> http://shiflett.org/



-- 
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
http://www.codebowl.com/
Blog: http://www.josephcrawford.com/
1-802-671-2021
codebowl at gmail.com
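
An added example, not part of the thread or any poster's code: the form-action choices the messages above are weighing, run against one constructed request. The function names, the `/contact.php` path and the sample `$server` values are assumptions made for illustration, and the code assumes PHP 7 or later.

```php
<?php
// Added illustration; function names and /contact.php are hypothetical.

// Unsafe: PHP_SELF carries any extra path the client appends after the
// script name, so echoing it raw places client-controlled text in the page.
function action_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Safer: escape for the HTML attribute context at the point of output.
function action_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// Alternative: SCRIPT_NAME holds only the script path, without the
// trailing path info. Escape it anyway so the output rule stays uniform.
function action_script_name(array $server): string
{
    $name = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $name . '">';
}

// Hardcoded: no request data reaches the markup at all.
function action_hardcoded(): string
{
    return '<form method="post" action="/contact.php">';
}

// Constructed request values: a client asked for /contact.php followed by
// extra path text containing markup characters.
$server = [
    'PHP_SELF'    => '/contact.php/"><b>injected</b>',
    'SCRIPT_NAME' => '/contact.php',
];

foreach ([
    'unsafe'      => action_unsafe($server),
    'escaped'     => action_escaped($server),
    'script_name' => action_script_name($server),
    'hardcoded'   => action_hardcoded(),
] as $label => $html) {
    printf("%-12s %s\n", $label, $html);
}
```

Only the `unsafe` line prints the constructed markup unescaped; the other three keep the `action` attribute intact.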

