On 1/28/2010 12:17, patspiper wrote:
Was the php shell C99madshell?
It seems many sites have been recently compromised via this shell. The
ways the shell is uploaded depends on the vulnerabilities of the forum
software.
my point that i just tried to make in a (very) recent post is that this type of
c4rp would not happen if the vars passed in the GET and POST were properly
sanitized ;)
FWIW: it doesn't matter which shellcode was used as long as any shellcode can be
pulled from a remote site via an unsanitized var...
--
_______________________________________________
Lazarus mailing list
[email protected]
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
