[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] FWD: PhotoPost vBGallery ImportantSecurity Bulletin

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] FWD: PhotoPost vBGallery ImportantSecurity Bulletin
From: "php0t" <php0t@xxxxxxxx>
Date: Fri, 11 Jan 2008 17:14:15 +0100

From: "trains" <trains@xxxxxxxxxxxxxx>
> The "AddType" statement for php is normally system-wide, which means
> the web server will execute php scripts that may be found in the
> upload directory.  This can be fixed multiple ways:

They will just place an .htaccess and do addtype themselves.
"php_admin_flag engine off" will probably render most of the issues you 
mentioned useless in one shot.

p.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] FWD: PhotoPost vBGallery ImportantSecurity Bulletin
  - From: trains

References:
- [Full-disclosure] FWD: PhotoPost vBGallery Important Security Bulletin
  - From: ad@xxxxxxxxxxxxxxxx
- Re: [Full-disclosure] FWD: PhotoPost vBGallery Important Security Bulletin
  - From: trains
- Re: [Full-disclosure] FWD: PhotoPost vBGallery Important Security Bulletin
  - From: trains

Prev by Date: Re: [Full-disclosure] FWD: PhotoPost vBGallery Important Security Bulletin
Next by Date: Re: [Full-disclosure] scada/plc gear
Previous by thread: Re: [Full-disclosure] FWD: PhotoPost vBGallery Important Security Bulletin
Next by thread: Re: [Full-disclosure] FWD: PhotoPost vBGallery ImportantSecurity Bulletin
Index(es):
- Date
- Thread