Ashar Voultoiz <hashar@...> wrote:
Thomas Gries wrote:
To whom it may concern:
PHP File-Upload $GLOBALS Overwrite Vulnerability
http://www.hardened-php.net/advisory_202005.79.html
$GLOBAL Overwrite and its Consequences:
http://www.hardened-php.net/index.76.html
We don't use register_globals on the WikiMedia website. I think most PHP
packages now ship with register_globals set to off, and anyone still using it
should recode their scripts :)
Ashar,
thank you for the quick reply.
However, the above references describe a severe problem even for the case that
register_globals _is_ off.
The UPLOAD function has the flaw (please carefully study both resources), which can
cause a glitch in the PHP internal setting for register_globals.
I recommend the MediaWiki developers study both references for the consequences.
Tom