PHP Security Information: PHP File-Upload $GLOBALS Overwrite Vulnerability - Wikitech-l - lists.wikimedia.org

List overview All Threads
Download

PHP Security Information: PHP File-Upload $GLOBALS Overwrite Vulnerability

Re: PHP Security Information: PHP...

Automatic capitalisation on the...

Thomas Gries

31 Oct 2005 31 Oct '05

9:53 p.m.

To whom it may concern:

PHP File-Upload $GLOBALS Overwrite Vulnerability http://www.hardened-php.net/advisory_202005.79.html

$GLOBAL Overwrite and it's Consequences: http://www.hardened-php.net/index.76.html

Reply

Show replies by date

Ashar Voultoiz

1 Nov 1 Nov

2:32 a.m.

New subject: PHP Security Information: PHP File-Upload $GLOBALS Overwrite Vulnerability

Thomas Gries wrote:

To whom it may concern:

PHP File-Upload $GLOBALS Overwrite Vulnerability http://www.hardened-php.net/advisory_202005.79.html

$GLOBAL Overwrite and it's Consequences: http://www.hardened-php.net/index.76.html

Hello,

Thanks for the notice about the exploit: "overwriting the GLOBALS array when register_globals is turned on"

We dont use register_globals on WikiMedia website, i think most php packages now ship with register_globals to off and anyone still using it should recode their scripts :)

cheers,

-- Ashar Voultoiz - WP++++ http://en.wikipedia.org/wiki/User:Hashar http://www.livejournal.com/community/wikitech/ IM: hashar@jabber.org ICQ: 15325080

Reply

6980

Age (days ago)

6981

Last active (days ago)

wikitech-l@lists.wikimedia.org

1 comments

2 participants

tags (0)

participants (2)

Ashar Voultoiz
Thomas Gries