Chris, do you suggest hardcoding the filenames even when referencing the same file that is executing?
On 12/26/06, Chris Shiflett <[EMAIL PROTECTED]> wrote:
[EMAIL PROTECTED] wrote:
> Hello, I am trying to research an issue about PHP_SELF and was
> wondering if anyone knew the current status of this exploit.
> I read a description of the exploit that was a couple of years
> old but can not find any "current" status of the bug, even on
> the php.net bug tracking.

It's not a bug. It's a vulnerability that you can create in your own applications if you blindly trust $_SERVER['PHP_SELF']. Don't do that.

Chris

--
Chris Shiflett
http://shiflett.org/

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php

--
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
http://www.codebowl.com/
Blog: http://www.josephcrawford.com/
1-802-671-2021
[EMAIL PROTECTED]
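
The risk discussed in this thread, as an added example that is not part of the original messages: `$_SERVER['PHP_SELF']` includes any extra path text the client appends after the script name, so writing it into a form action unescaped places request data in the page. The helper names and the sample request values below are constructed for illustration.

```php
<?php
// Added example, not from the thread. Helper names and the sample
// $_SERVER values are constructed for illustration.

// Unsafe: PHP_SELF is written into the attribute exactly as received.
function form_action_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Safer: escape for an HTML attribute context before output.
function form_action_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// Alternative: SCRIPT_NAME holds only the script path, without the
// trailing path info that PHP_SELF carries. Still escape on output.
function form_action_script_name(array $server): string
{
    $name = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $name . '">';
}

// Constructed request: /contact.php followed by extra path text that
// contains markup characters (a harmless marker, not a working payload).
$server = [
    'SCRIPT_NAME' => '/contact.php',
    'PHP_SELF'    => '/contact.php/"><b>injected</b>',
];

// Compare the three renderings of the same request.
echo form_action_unsafe($server), PHP_EOL;
echo form_action_escaped($server), PHP_EOL;
echo form_action_script_name($server), PHP_EOL;
```

A hardcoded action value, as asked about in the reply above, sidesteps the issue because no request-derived data reaches the attribute.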
