On 19 Jan 2004, Csan wrote:

> The URL is part of a postnuke site and they could start up the telnetd binary
> by invoking a URL similar to the above URL!
> Is this a known sechole?

I think you should be able to avoid such exploits by using PHP's safe mode. It allows you, among other things, to specify that only files in a particular directory may be executed. This way, even if someone succeeds in uploading an exploit onto your server, he won't be able to run it.

Regards,
Oliver
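
An added example, not part of the original thread: a small checker for the restriction described above, which reads php.ini text and reports when `safe_mode` is off, when `safe_mode_exec_dir` is unset, or when the executable directory overlaps a directory that uploads can reach. The function names, sample configurations and paths are assumptions made for illustration; `safe_mode`, `safe_mode_exec_dir` and `upload_tmp_dir` are real php.ini directives, and safe mode exists only in PHP versions before 5.4, where it was removed.

```python
import posixpath

TRUE_VALUES = {"1", "on", "true", "yes"}  # truthy spellings in php.ini

def parse_ini(text):
    """Return {directive: value}; the last assignment wins."""
    settings = {}
    for raw in text.splitlines():
        # Simplification: treat every ';' as the start of a comment.
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip("\"'")
    return settings

def _inside(child, parent):
    """True if path `child` equals or lies below path `parent`."""
    c = posixpath.normpath(child).rstrip("/") + "/"
    p = posixpath.normpath(parent).rstrip("/") + "/"
    return c.startswith(p)

def audit_exec_restriction(text, writable_dirs=()):
    """List findings that weaken the safe-mode execution restriction.

    `writable_dirs` (assumed input) names directories the web application
    can write to, such as an upload folder.
    """
    s = parse_ini(text)
    findings = []
    if s.get("safe_mode", "").lower() not in TRUE_VALUES:
        findings.append("safe_mode is off")
    exec_dir = s.get("safe_mode_exec_dir", "")
    if not exec_dir:
        findings.append("safe_mode_exec_dir is not set")
        return findings
    candidates = list(writable_dirs)
    if s.get("upload_tmp_dir"):
        candidates.append(s["upload_tmp_dir"])
    for d in candidates:
        # An uploaded file must never land where execution is allowed.
        if _inside(d, exec_dir) or _inside(exec_dir, d):
            findings.append(f"{d} overlaps safe_mode_exec_dir {exec_dir}")
    return findings

# Constructed sample configurations (not taken from any real server).
WEAK = "safe_mode = Off\nupload_tmp_dir = /tmp\n"
HARDENED = ("safe_mode = On ; enabled\n"
            "safe_mode_exec_dir = /usr/local/php/bin\n"
            "upload_tmp_dir = /var/tmp/php\n")

if __name__ == "__main__":
    print(audit_exec_restriction(WEAK))
    print(audit_exec_restriction(HARDENED, ["/var/www/html/uploads"]))
```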