On Mon, Dec 03, 2012 at 06:44:24PM -0500, Jeffrey Walton wrote:
> > "Yes, we have responsibility, but no enough time to make a new release. ...
> > This failure will never used by real hackers because it's better to found
> > something in Acrobat or other wildspread soft. ... So stop crying, kiddy."
> >
> > Conclusion: Better think twice before using a software from developers like
> > this. There are alternatives to EasyPHP.
> That sounds like a Pwnie Award nomination for the lamest vendor
> response. http://pwnies.com.

> >> codetester.php gets the php via a form which submits it to hardcoded
> >> url http://127.0.0.1/home/codetester.php

Their documentation is extremely clear that their software should only
ever be used locally:

  [...] and develop or present locally [...]

  [...] For developers and development only... Not for production or
  web hosting. EasyPHP is a development tool and is not intended to
  host websites or applications.

  http://www.easyphp.org/introduction.php

If their webserver binds to anything other than localhost then I'll
quickly agree that this is a misconfiguration and a security problem.
But if they do bind to localhost only this seems a bit overhyped.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
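The localhost-only condition raised in the message above can be checked from the web server's configuration. The following is an added example, not part of the original email or of EasyPHP: it assumes an Apache httpd-style configuration (EasyPHP bundles Apache), and the sample configuration and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in Apache httpd.conf syntax (not taken from EasyPHP).
SAMPLE_CONF = """\
# Constructed example configuration
Listen 127.0.0.1:80
Listen [::1]:8080
  listen 0.0.0.0:8888
Listen 443 https
Listen 192.168.1.10:80
#Listen 8081
"""

# Apache directive names are case-insensitive; the first argument is
# [IP-address:]port, optionally followed by a protocol name.
LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)


def parse_listen(value):
    """Split a Listen argument into (address or None, port)."""
    if value.startswith("["):            # [IPv6]:port
        host, _, port = value[1:].partition("]:")
        return host, int(port)
    if ":" in value:                     # IPv4:port
        host, _, port = value.rpartition(":")
        return host, int(port)
    return None, int(value)              # bare port: every interface


def non_loopback_listeners(conf_text):
    """Return (line_no, argument) for each Listen not limited to loopback."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        match = LISTEN_RE.match(line)
        if not match:
            continue                     # comments and other directives
        host, _port = parse_listen(match.group(1))
        if host is None or not ipaddress.ip_address(host).is_loopback:
            findings.append((line_no, match.group(1)))
    return findings


if __name__ == "__main__":
    for line_no, arg in non_loopback_listeners(SAMPLE_CONF):
        print(f"line {line_no}: Listen {arg} is reachable beyond localhost")
```

A configuration check like this only covers what the file declares; the sockets the running server actually holds open should be confirmed separately on the host.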