Salut Am "mostenit" 4 siteuri care la o testare cu Havij s-au dovedit vulnerabile msqli. Ce metode se pot folosi pentru a elimina vulnerabilitarea , se doreste o metoda globala nu rescrierea de la zero a siteurilor.
In php.ini am register_globals = Off magic_quotes_gpc = Off magic_quotes_runtime = Off magic_quotes_sybase = Off Apache are instalat mod_security cu listele de la gotroot (-- Web Application protectio<http://www.gotroot.com/downloads/ftp/mod_security/rules.conf> n) O cheste care se pare ca functioneaza oarecum e GreenSQL care deocamda e in modul de invatare pentru a putea crea reguli Linux gateway.net.sediu 2.6.18-194.el5 #1 SMP Fri Apr 2 14:58:35 EDT 2010 i686 athlon i386 GNU/Linux php-cli-5.2.17-1.el5.art php-pgsql-5.2.17-1.el5.art php-mbstring-5.2.17-1.el5.art php-common-5.2.17-1.el5.art php-gd-5.2.17-1.el5.art php-ldap-5.2.17-1.el5.art php-pear-1.4.9-6.el5 php-pdo-5.2.17-1.el5.art php-odbc-5.2.17-1.el5.art php-snmp-5.2.17-1.el5.art php-devel-5.2.17-1.el5.art php-5.2.17-1.el5.art php-mysql-5.2.17-1.el5.art mysql-server-5.0.77-4.el5_5.4 mysql-devel-5.0.77-4.el5_5.4 proftpd-mysql-1.3.3c-1.el5.rf mysql-connector-odbc-3.51.26r1127-1.el5 Iancu Georgel _______________________________________________ RLUG mailing list [email protected] http://lists.lug.ro/mailman/listinfo/rlug
