[EMAIL PROTECTED] wrote: > Hello, I am trying to research an issue about PHP_SELF and was > wondering if anyone knew the currently status of this exploit. > I read a description of the exploit that was a couple of years > old but can not find any "current" status of the bug, even on > the php.net bug tracking.
It's not a bug. It's a vulnerability that you can create in your own applications if you blindly trust $_SERVER['PHP_SELF']. Don't do that. Chris -- Chris Shiflett http://shiflett.org/ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
