[Full-disclosure] FWD: PhotoPost vBGallery ImportantSecurity Bulletin
trains
trains at doctorunix.com
Fri Jan 11 18:51:10 GMT 2008
Quoting php0t <php0t at zorro.hu>:
> From: "trains" <trains at doctorunix.com>
>> The "AddType" statement for php is normally system-wide, which means
>> the web server will execute php scripts that may be found in the
>> upload directory. This can be fixed multiple ways:
>
> They will just place an .htaccess and do addtype themselves.
> "php_admin_flag engine off" will probably render most of the issues you
> mentioned useless in one shot.
I had never heard of that flag before. Nice.
http://us.php.net/manual/es/ref.apache.php
I don't think I like seeing php and apache being so tightly coupled,
but I suppose we need to live in the real world, eh?
tr
-------------------------------------------------
Email solutions, MS Exchange alternatives and extrication,
security services, systems integration.
Contact: services at doctorunix.com
Full-Disclosure is hosted and sponsored by Secunia.