Mmmmm, very interesting thread, thanx for starting this. Good comments, Curt.

1. (!!!) Absolutely easily generate new sessions with any content for every
site on server.

It's because of the 'suspect' nature of sessions and cookies that I never place userid, username or password in sessions. My tactic is to always have a two-column MySQL table and store the session identifier and corresponding userid in it. So even if someone does create a bogus session they still have to find a way to insert a userid into the MySQL db.

3. Flood every http server writable directory with thousands or millions of
files.

Set quotas. Some admins even set a quota for the root user, which is inconvenient but safe.

-- http://www.raditha.com/php/progress.php A progress bar for PHP file uploads.
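The two-column lookup table described in the reply above, as an added example that is not code from the original post. It assumes a MySQL table `login_sessions(sess_id, userid, created_at)` and a PDO connection with placeholder credentials; the session id is still a bearer token, so this defends against forged or planted session contents, not against a stolen id.

```php
<?php
// Added example: bind the PHP session id to a server-side row instead of
// trusting a userid stored inside the session data itself.
// Assumed table (names are assumptions, not from the original post):
//   CREATE TABLE login_sessions (
//       sess_id    VARCHAR(128) PRIMARY KEY,
//       userid     INT NOT NULL,
//       created_at DATETIME NOT NULL);
declare(strict_types=1);

function db(): PDO {
    static $db = null;
    if ($db === null) {
        // DSN and credentials are placeholders.
        $db = new PDO('mysql:host=localhost;dbname=app', 'app_user', 'PLACEHOLDER_PASSWORD');
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }
    return $db;
}

// Call only after the password check has succeeded. Regenerating the id
// means a session an attacker created beforehand is never the one bound here.
function bind_session_to_user(int $userid): void {
    session_regenerate_id(true);
    $stmt = db()->prepare(
        'INSERT INTO login_sessions (sess_id, userid, created_at) VALUES (?, ?, NOW())'
    );
    $stmt->execute([session_id(), $userid]);
}

// Returns the userid for the current session or null. A bogus session that
// merely contains userid=1 is useless: only the lookup table decides.
function current_userid(): ?int {
    $stmt = db()->prepare('SELECT userid FROM login_sessions WHERE sess_id = ?');
    $stmt->execute([session_id()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (int) $row['userid'];
}

// Logout removes the binding server-side, so the old id grants nothing.
function logout(): void {
    $stmt = db()->prepare('DELETE FROM login_sessions WHERE sess_id = ?');
    $stmt->execute([session_id()]);
    session_destroy();
}

session_start();
$uid = current_userid();
if ($uid === null) {
    header('Location: /login.php');
    exit;
}
echo 'Logged in as userid ' . $uid;
```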

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php