Good point, but I actually recommend newbies subscribe to bugtraq. It really
opened my eyes to the world of cross-site scripting. Now I not only know how,
but do, write secure code.
If I saw a warning about a script either here or on bugtraq, I would
immediately patch it - or at least shut down
I agree, but it may be useful to tell those newbies that when you
execute a command from PHP that will get some parameters from an external
source (like a form or a get variable) ALWAYS use the
escapeshellcmd()
function to prevent users from executing arbitrary commands.
bvr.
>There's such a
> I think I'm going to start forwarding all the bugtraq
> alerts for PHP scripts to this list. Any objections?
Yes, if the author of the script isn't on the list it's useless
unless someone wants to patch their script themselves. And if
they're the kind of person who's inclined to do that, the
I think I'm going to start forwarding all the bugtraq alerts for PHP
scripts to this list. Any objections?
-- Forwarded Message --
Subject: PhpSmsSend remote execute commands bug
Date: Tue, 29 Jan 2002 18:57:51 + (GMT)
From: Indra Kusuma <[EMAIL PROTECTED]>
To: <[EMAIL