Re: [PHP] Re: [PHP-WIN] Re: [PHP] Re: Question on virus/worms

2007-03-15 Thread Richard Lynch
On Thu, March 15, 2007 9:15 am, Seak, Teng-Fong wrote:
> Stut wrote:
>> Seak, Teng-Fong wrote:
>>> But after I've spent some time reading the log files, I've finally
>>> found out how the hackers managed to achieve worm infiltration.
>>>
>>> Actually, they're using an URL like this:
>>>

RE: [PHP] Re: [PHP-WIN] Re: [PHP] Re: Question on virus/worms

2007-03-15 Thread Jim Moseby
> > Seak, Teng-Fong wrote:
> > No, I don't deserve anything because, as I've written in the
> > original post (but I suppose you didn't notice), the website is
> > outsourced and made by a 3rd company.

Then you should be having this conversation with the 3rd party. They need to validate *EVERY*

Re: [PHP] Re: [PHP-WIN] Re: [PHP] Re: Question on virus/worms

2007-03-15 Thread Dave Goodchild
Turn off register_globals - if you pollute your scripts with global variables like that you are asking for trouble. If you can't, make sure you clean the variable. Using include("$page.php") is asking for trouble. If you can get register_globals switched off (it's off by default in PHP5 for this