Stut wrote:
I think we may have to agree to disagree. I love PHP. I've never had a

Ah I completely forgot about this sort of fun thing that I find in my email almost once a week, just got this one:

Now how many phpinfo() pages do you think there are, and how many are vulnerable to the cross-site scripting attack?

So this report means you have to upgrade your binary and it addresses:
 - system level problems (buffer overflow, memory leak, potential crash)
 - web based security attacks (cross-site scripting)
 - code based security attacks (restriction bypasses)

*exactly* the sort of stuff that's jaded me :)

Time to upgrade each install of PHP on all 13 servers :)

The phpinfo() reminds me of the one they had where a php file with only this line:

 <? phpinfo(); ?>

would allow an attacker to upload a rootkit and damage the system, saaaweeet ;p

or a cross site scripting/SQL injection thing that'd allow people to post HTML to your site and make it show whatever they wanted...

good times, good times

Peace everyone, it's been really fun :)

PHP Database Mailing List