> Or turn off Register_global, and then MODULES_DIR would only exist in
> $_GET[]. I chalk this one up to a bad PHP configuration:
>
> http://www.php.net/register_globals
>
> While it would not stop attacks that could cause you to include stuff
> if other variables are not checked before bli
On Jan 29, 2007, at 21:52 , Shane Chrisp wrote:
I know this is not exactly vpopmail related, but as its a vpopmail
related tool i thought others here would like to be made aware of
this.
I have been using vhostadmin for a while now, and have just noticed
that
it is vulnerable to a xss att