waldo kitty wrote:
> my point that i just tried to make in a (very) recent post is that
> this type of c4rp would not happen if the vars passed in the GET and
> POST were properly sanitized ;)
> FWIW: it doesn't matter which shellcode was used as long as any
> shellcode can be pulled from a remote site via an unsanitized var...

It is not only a matter of sanitizing GET and POST vars. The PHP shell
could be uploaded as an avatar (an image) and executed if no proper
safeguards are taken to prevent that. And this is just one example of
vulnerabilities.
--
_______________________________________________
Lazarus mailing list
[email protected]
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
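
The avatar-upload safeguard mentioned in the reply above, as an added example that is not part of the original thread or any project's code: the upload is validated by content, fully decoded, re-encoded, and stored under a server-chosen name. The function name `store_avatar`, the size and dimension limits, and the use of the temp directory are assumptions for illustration; it requires PHP's GD extension.

```php
<?php
declare(strict_types=1);

// Added example: function name, limits and paths are assumptions, not from the thread.
function store_avatar(string $bytes, string $destDir): ?string
{
    if (strlen($bytes) > 512 * 1024) {
        return null;                       // size cap (assumed limit)
    }
    // Check the content itself, never the client-supplied file name or MIME type.
    $info = @getimagesizefromstring($bytes);
    $allowed = [IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF];
    if ($info === false || !in_array($info[2], $allowed, true)
        || $info[0] > 1024 || $info[1] > 1024) {
        return null;
    }
    // A header check alone can be satisfied by a non-image, so require a full decode.
    $img = @imagecreatefromstring($bytes);
    if ($img === false) {
        return null;
    }
    // Server-chosen random name with a fixed extension: the uploader controls
    // neither the path nor the suffix the web server uses to pick a handler.
    $name = bin2hex(random_bytes(16)) . '.png';
    // Re-encoding writes fresh pixel data; bytes appended to the upload are not copied.
    return imagepng($img, $destDir . '/' . $name) ? $name : null;
}

// Constructed sample inputs (not taken from the thread).
$marker = "<?php /* CONSTRUCTED-MARKER */ ?>";
ob_start();
imagepng(imagecreatetruecolor(8, 8));
$validPng = ob_get_clean();
$dir = sys_get_temp_dir();

// Case 1: starts with a GIF signature but is not a decodable, avatar-sized image.
var_dump(store_avatar('GIF89a' . $marker, $dir));

// Case 2: a real PNG with extra bytes appended after the image data.
$name = store_avatar($validPng . $marker, $dir);
var_dump($name);
// Search the stored file for the marker that was appended to the upload.
var_dump(strpos(file_get_contents($dir . '/' . $name), 'CONSTRUCTED-MARKER'));
```

Re-encoding is one layer only: the destination directory should also be served as static files with script execution disabled, or kept outside the web root.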