[22045] in bugtraq
Re: New command execution vulnerability in myPhpAdmin
daemon@ATHENA.MIT.EDU (Heikki Korpela)
Tue Jul 31 17:57:34 2001
Date: Wed, 1 Aug 2001 00:35:55 +0300 (EEST)
From: Heikki Korpela <heko@iki.fi>
Reply-To: <heko@iki.fi>
To: Mark Renouf <mark@tweakt.net>
Cc: <bugtraq@securityfocus.com>
In-Reply-To: <3B672021.1030109@tweakt.net>
Message-ID: <Pine.LNX.4.33.0108010032040.1931-100000@saitti.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Tue, 31 Jul 2001, Mark Renouf wrote:
> I would HIGHLY
> recommend turning off register_globals in php.ini (which is the default
> set in php.ini-dist for php4+).

This is incorrect. Currently register_globals is by default
On, and most scripts out there assume that it is so. Whether or not
it will remain so is still open for discussion.
Also see Rasmus Lerdorf's proposal:
http://marc.theaimsgroup.com/?l=php-dev&m=99638397319055&w=2
--
<---------------------------------------------------------------------->
Heikki Korpela -- heko@iki.fi -- http://iki.fi/heko/