steve miller wrote:
On Nov 26, 2008, at 9:42 AM, David Precious wrote:
Will untrusted users be able to upload stuff, or will uploading be
limited to trusted users only? If trusted users only, then, as long
as the software has no silly holes in it, you should be relatively safe.
This is the part I don't understand! In oscommerce, you can not upload
files unless you have access to the admin section which requires
knowledge of username/pw. Yet somehow the images directory with 777 gets
files uploaded into it. How are they doing this?
Maybe there's some vulnerability which allows untrusted users to upload
stuff even though they're not supposed to.
This is on a shared server; is it possible they are getting in from some
other domain on the server?
It's certainly possible; seems fairly unlikely though.
Cheers
David P
____ The WDVL Discussion List from WDVL.COM ____
To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] or
use the web interface http://e-newsletters.internet.com/discussionlists.html/
Send Your Posts To: [email protected]
To change subscription settings, add a password or view the web interface:
http://intm-dl.sparklist.com/read/?forum=wdvltalk
________________ http://www.wdvl.com _______________________
You are currently subscribed to wdvltalk as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016
Please include the email address which you have been contacted with.
