HomeBuilding Your WebsiteWeb Programming and Application Development

Alert: PHP flaw leaves sites vulnerable

Wil posted this at 11:44 — 28th February 2002.

They have: 601 posts

Joined: Nov 2001

Scripting flaw leaves sites vulnerable

By Robert Lemos
Staff Writer, CNET News.com
February 27, 2002, 5:40 PM PT

A flaw in the common open-source scripting language PHP could allow attackers to crash or compromise a hefty fraction of the nine million servers running the open-source Web software Apache, as well as other Web servers.

...

http://news.com.com/2100-1001-847092.html

- wil

mairving posted this at 12:49 — 28th February 2002.

mairving's picture

They have: 2,256 posts

Joined: Feb 2001

The main vulnerbility was with file uploads through PHP. Of course, file uploads in my opinion are never a good thing unless they are in an admin area. Their is a possible vulnerbility that exists through Vbulletin with file uploads. This site is fairly safe since the only file upload granted to the public is avatars.

Here is Vbulletin's announcement on the subject.
Here is more info.

Mark Irving
I have a mind like a steel trap; it is rusty and illegal in 47 states

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.