The Artima Developer Community

PHP Buzz Forum
Testing script allow_url_fopen + register_globals vulnerability

Forum One


Forum One is a consulting firm specializing in helping non-profits improve their online presence.
Posted: Sep 25, 2006 12:55 PM

This post originated from an RSS feed registered with PHP Buzz by Forum One.
Original Post: Testing script allow_url_fopen + register_globals vulnerability
Feed Title: Syntax Framework
Feed URL: http://blog.syntaxcms.org/rss.php?version=0.91
Feed Description: Finally, a place to answer Syntax questions

A vulnerability was discovered in SyntaxCMS testing code that can be exploited to include a remote file. If your site is running PHP 4.3.0 or later with both register_globals and allow_url_fopen turned on, you may be vulnerable. We've prepared a patch to fix the vulnerability, which you can find here.

If you can't update from CVS or patch your system, you can also disable register_globals and allow_url_fopen, delete the public/admin/testing directory, or, if you are using Apache, drop the following .htaccess file into public/admin/testing/tests:

# The wildcard is required: "<Files .php>" only matches a file named exactly ".php".
<Files *.php>
    deny from all
</Files>

Read: Testing script allow_url_fopen + register_globals vulnerability
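
A quick check for the two preconditions named in the advisory, as an added example that is not part of the original post or of SyntaxCMS: it reads php.ini text and reports the effective register_globals and allow_url_fopen values. The sample php.ini content is constructed, and per-directory overrides (for example php_flag lines in .htaccess) are assumed absent and are not inspected.

```python
# Added example: audit php.ini text for the setting combination in the advisory.
import re

# Built-in values when a directive is absent: register_globals has defaulted
# to Off since PHP 4.2.0, allow_url_fopen defaults to On.
DEFAULTS = {"register_globals": False, "allow_url_fopen": True}
TRUE_WORDS = {"on", "true", "yes"}

# Constructed sample input, not taken from any real server.
SAMPLE_INI = """\
[PHP]
; register_globals = Off
register_globals = On   ; legacy application needs this
allow_url_fopen = "1"
"""

_ASSIGNMENT = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=\s*(.*)$")


def _as_bool(value):
    """Interpret a php.ini boolean: on/true/yes or any non-zero integer."""
    value = value.strip().strip("\"'").lower()
    return value in TRUE_WORDS or (value.isdigit() and int(value) != 0)


def effective_settings(ini_text):
    """Return the effective value of each directive listed in DEFAULTS."""
    settings = dict(DEFAULTS)
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0]  # ';' starts a comment in php.ini
        match = _ASSIGNMENT.match(line)
        # Directive names are case sensitive; the last assignment wins.
        if match and match.group(1) in settings:
            settings[match.group(1)] = _as_bool(match.group(2))
    return settings


def exposed(ini_text):
    """True when both settings the advisory names are enabled."""
    settings = effective_settings(ini_text)
    return settings["register_globals"] and settings["allow_url_fopen"]


if __name__ == "__main__":
    for name, value in effective_settings(SAMPLE_INI).items():
        print(f"{name} = {'On' if value else 'Off'}")
    print("both enabled" if exposed(SAMPLE_INI) else "combination not enabled")
```

A "combination not enabled" result only covers these two settings; the patch or removal of public/admin/testing is still the fix for the code itself.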
