ventureskills
Fri 27 April 2007, 11:39 pm GMT +0200
So depending on your point of view a great way to get back links or an Evil XSS attack focused around phpinfo()
http://www.davidnaylor.co.uk/archives/2007/04/27/would-anyone-like-some-free-backlinks/A programmer at David Naylor Blog has full details, don't you just love it when not only you find a bug but its one spammers can use!
Mind_nl
Fri 27 April 2007, 11:55 pm GMT +0200
Thats a nasty bug, which I'm sure will be used by a lot of people.
olaf
Sat 28 April 2007, 12:12 am GMT +0200
great, and it works also with version 4.3.11
Nikolas
Sat 28 April 2007, 01:01 pm GMT +0200
Hmmm. Today I made a script that takes full advantage of this :)
My only prob is how to get those links indexed.
BTW do you think it would be wise to sell that script or I should just keep it for me and my friends?
ventureskills
Sat 28 April 2007, 02:28 pm GMT +0200
I wouldn't sell it might damage your reputation how about making a bit of a tutorial out of it, and include the how to secure such problems ;)
YMC
Sun 29 April 2007, 12:08 am GMT +0200
Hmm, I wish I understood what was happening here.
Forgive the stupid question - but is this based on the version of php my host is using?
If you make a tutorial on how to protect against this, please let me know - then maybe I could hope to understand what this is all about.
olaf
Sun 29 April 2007, 07:54 am GMT +0200
Hmm, I wish I understood what was happening here.
Forgive the stupid question - but is this based on the version of php my host is using?
If you make a tutorial on how to protect against this, please let me know - then maybe I could hope to understand what this is all about.
how to protect? don't publish a phpinfo file :)
Nikolas
Sun 29 April 2007, 03:26 pm GMT +0200
Tim, you are right it would be wrong to publish that.
YMC, having a phpinfo() page on your server may be a real problem. This specific "bug" is not really a problem for the host owner.
But phpinfo can - some times - provide critical information to a hacker :)