Very cute! "Upgrade Now!" It will work well with PHP newbies. Not!

"Richard Lynch" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> >Not being an expert in php.. I couldn't understand the vulnerability.
> >Can someone shed some light here.
>
> Very short explanation:
>
> Upgrade.
> Now!
>
> Longer one:
>
> If your web-site has *ANY* FORM tags on it, and you have PHP
> ready-and-waiting to process those FORMs, then somebody could manage to
> create a really icky FORM page and POST to your site and break in.
>
> Actually, even if you do *NOT* have the FORM tags, but you're "allowing"
> them in httpd.conf, and PHP is there, they could break in.
>
> Presumably the precise details of what you'd have to slam into the FORM to
> break in are simply too complex to fit into an Announcement of this nature.
> I imagine the Details could be dug out of Bugtraq and/or wherever the bug
> was first announced/discussed. Presumably PHP-Dev and e-matters would be
> good places to start digging for gory details.
>
> If Upgrading is impossible, *AND* you don't use FORMs with PHP in the first
> place (highly unlikely) then you could just "turn off" POST (forms) in your
> httpd.conf and nobody will be allowed to POST (send a form) anything to your
> web-site, and then PHP won't ever see the data, since Apache stopped them,
> and the bug wouldn't kick in.
>
> Upgrade.
> Now!
>
> --
> Like Music? http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
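
The httpd.conf stopgap described in the quoted message (refuse POST so PHP never sees the request body), as an added example that is not part of the original thread. The directory path is a placeholder, and which of the two alternatives applies depends on the Apache version in use.

```apache
# Added example, not from the original post.
# "/var/www/html" is a placeholder for the site's document root.
# Use ONE of the two alternatives below, matching the Apache version.

# Alternative A: Apache 1.3 / 2.0 / 2.2 access-control syntax
# (on 2.4 these directives need mod_access_compat).
<Directory "/var/www/html">
    # <Limit> applies the enclosed rules only to the listed methods,
    # so GET and HEAD keep working while POST is refused with 403.
    <Limit POST>
        Order deny,allow
        Deny from all
    </Limit>
</Directory>

# Alternative B: Apache 2.4+ syntax (mod_authz_core).
<Directory "/var/www/html">
    <Limit POST>
        Require all denied
    </Limit>
</Directory>
```

This refuses every form submission on the site, so it only fits the case the message describes: upgrading is impossible and PHP is not used to process forms.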