Jeff, there's a description of it here:
http://security.e-matters.de/advisories/012002.html
At 10:35 AM 2/28/02 -0500, you wrote:
Gregg,
What was the vulnerability? I allow people to upload and download via
PHP scripts on my web site, and probably should tighten up my security...
-Jeff
On Thu, 28 Feb 2002, Gregg Kemp wrote:
> Hi all,
>
> I have temporarily disabled the ability to upload a file to the list's
"upload" gallery. You can still view everything ok, but you just want be
able to upload any new images for a while.
>
> I learned today of a bug in the scripting language I use for the
uploads that makes the Pinhole Visions web site vulnerable to hackers
through file uploads. There is a fix for this bug, but the fix will
require some time to implement. I hope to have this fixed this weekend,
if possible.
>
> Thanks,
>
> Gregg
>
> _______________________________________________
> Post to the list as PLAIN TEXT only - no HTML
> Pinhole-Discussion mailing list
> Pinhole-Discussion@p at ???????
> unsubscribe or change your account at
> http://www.???????/discussion/
>
_______________________________________________
Post to the list as PLAIN TEXT only - no HTML
Pinhole-Discussion mailing list
Pinhole-Discussion@p at ???????
unsubscribe or change your account at
http://www.???????/discussion/
_____________________________________________________
Pinhole Visions at http://www.???????
Worldwide Pinhole Photograhy Day at http://www.pinholeday.org
