Jason,

>This article worries me a bit:
>http://www.securityfocus.com/guest/24043
[...]
>The vulnerability discussed allowed me to write arbitrary data to the
>server's hard disk, run all kinds of shell commands, and get the output
>back in my browser. Worrying to be sure.

Hmm, I've only skimmed the article so far, but my first impression was that it a) was "only" a problem of the Geeklog/Gallery integration (not of Geeklog itself) and b) was "only" used to send spam. I must have missed the bit about writing to the server's hard disk, but I don't really have the time now to look into it.

Can someone confirm if this is "only" a problem with the Gallery integration?

bye, Dirk

--
http://www.haun-online.de/
http://www.tinyweb.de/